vault/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/index.mdx

---
layout: docs
page_title: Vault Proxy Persistent Caching
description: Vault Proxy Caching
---

# Vault Proxy Persistent Caching

Vault Proxy can restore tokens and leases from a persistent cache file created
by a previous Vault Proxy process. The persistent cache is a BoltDB file that
includes tuples encrypted by a generated encryption key. The encrypted tuples
include the Vault token used to retrieve secrets, leases for tokens/secrets, and
secret values.

-> **Note:** Vault Proxy Persistent Caching will only restore _leased_
secrets. Secrets that are not renewable, such as KV v2, will not be persisted.

In order to use Vault Proxy persistent cache, auto-auth must be used. If the
auto-auth token has expired by the time the cache is restored, the cache will
be invalidated and secrets will need to be re-fetched from Vault.

-> **Note** Vault Proxy persistent cache is currently supported only in a
Kubernetes environment.

## Vault Proxy Persistent Cache Types

Please see the sidebar for available types and their usage/configuration.

## Persistent Cache Example Configuration

Here is an example of a persistent cache configuration.

```hcl
# Other Vault Proxy configuration blocks
# ...

cache {
  persist "kubernetes" {
    path = "/vault/proxy-cache"
  }
}
```