mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-11 00:57:00 +02:00
1c9090b117
* VAULT-19278 First draft of static secret caching docs * VAULT-19278 Add warning to Agent docs, fix capitalization * VAULT-19278 typos/formatting * VAULT-19278 changelog * VAULT-19278 update based on PR feedback * VAULT-19278 review feedback * VAULT-19278 Update based on review * VAULT-19278 update based on PR feedback * VAULT-19278 incorporate a lot of PR feedback * VAULT-19278 Rest of the suggestions * VAULT-19278 I missed a suggestion * VAULT-19278 More updates * VAULT-19278 add docs for disable dynamic secret caching * VAULT-19278 update changelog * VAULT-19278 update based on comments
40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Proxy Persistent Caching
|
|
description: Vault Proxy Caching
|
|
---
|
|
|
|
# Vault Proxy persistent caching
|
|
|
|
Vault Proxy can restore tokens and leases from a persistent cache file created
|
|
by a previous Vault Proxy process. The persistent cache is a BoltDB file that
|
|
includes tuples encrypted by a generated encryption key. The encrypted tuples
|
|
include the Vault token used to retrieve secrets, leases for tokens/secrets, and
|
|
secret values.
|
|
|
|
In order to use Vault Proxy persistent cache, auto-auth must be used. If the
|
|
auto-auth token has expired by the time the cache is restored, the cache will
|
|
be invalidated and secrets will need to be re-fetched from Vault.
|
|
|
|
-> **Note** Vault Proxy persistent cache is currently supported only in a
|
|
Kubernetes environment.
|
|
|
|
## Vault Proxy persistent cache types
|
|
|
|
Please see the sidebar for available types and their usage/configuration.
|
|
|
|
## Persistent cache example configuration
|
|
|
|
Here is an example of a persistent cache configuration.
|
|
|
|
```hcl
|
|
# Other Vault Proxy configuration blocks
|
|
# ...
|
|
|
|
cache {
|
|
persist "kubernetes" {
|
|
path = "/vault/proxy-cache"
|
|
}
|
|
}
|
|
```
|