mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 19:17:02 +02:00
Code Issues Projects Releases Wiki Activity
1c9090b117
vault/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/kubernetes.mdx
Violet Hynes 1c9090b117
VAULT-19278 Static secret caching docs (#23621) 
* VAULT-19278 First draft of static secret caching docs

* VAULT-19278 Add warning to Agent docs, fix capitalization

* VAULT-19278 typos/formatting

* VAULT-19278 changelog

* VAULT-19278 update based on PR feedback

* VAULT-19278 review feedback

* VAULT-19278 Update based on review

* VAULT-19278 update based on PR feedback

* VAULT-19278 incorporate a lot of PR feedback

* VAULT-19278 Rest of the suggestions

* VAULT-19278 I missed a suggestion

* VAULT-19278 More updates

* VAULT-19278 add docs for disable dynamic secret caching

* VAULT-19278 update changelog

* VAULT-19278 update based on comments
2023-11-02 16:01:49 -04:00

26 lines
1.3 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Kubernetes - Vault Agent Persistent Cache
description: Kubernetes Persistent Cache for Vault Agent Caching
---
# Vault Agent Kubernetes persistent cache
When `kubernetes` is configured for the persistent cache type, Vault Agent will optimize the
persistent cache specifically for Kubernetes. This type of persistent cache requires a Kubernetes
service account token. The service account token is used during encryption and decryption of the
persistent cache as an additional integrity check.
The Vault Agent persistent cache file in Kubernetes should only be used for handing off Vault tokens
and leases between initialization and sidecar Vault Agent containers. This cache file should be shared
using a memory volume between the Vault Agent containers.
If the Vault Agent Injector for Kubernetes is being used, the persistent cache is automatically configured
and used if the annotation [`vault.hashicorp.com/agent-cache-enable: true`](/vault/docs/platform/k8s/injector/annotations#vault-hashicorp-com-agent-cache-enable) is set.
## Configuration
- `service_account_token_file` `(string: optional)` - When type is set to `kubernetes`,
this configures the path on disk where the Kubernetes service account token can be found.
Defaults to `/var/run/secrets/kubernetes.io/serviceaccount/token`.
Reference in New Issue View Git Blame Copy Permalink