mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-08 23:57:01 +02:00
f48c70a449
* VAULT-15546 First pass at Vault Proxy docs * VAULT-15546 correct errors * VAULT-15546 fully qualify paths * VAULT-15546 remove index * VAULT-15546 Some typos and clean up * VAULT-15546 fix link * VAULT-15546 Add redirects so old links stay working * VAULT-15546 more explicit redirects * VAULT-15546 typo fixes * Suggestions for Vault Agent & Vault Proxy docs (#20612) * Rename 'agentandproxy' to 'agent-and-proxy' for better URL * Update the index pages for each section * VAULT-15546 fix link typo --------- Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
23 lines
1.0 KiB
Plaintext
23 lines
1.0 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Kubernetes - Vault Proxy Persistent Cache
|
|
description: Kubernetes Persistent Cache for Vault Proxy Caching
|
|
---
|
|
|
|
# Vault Proxy Kubernetes Persistent Cache
|
|
|
|
When `kubernetes` is configured for the persistent cache type, Vault Proxy will optimize the
|
|
persistent cache specifically for Kubernetes. This type of persistent cache requires a Kubernetes
|
|
service account token. The service account token is used during encryption and decryption of the
|
|
persistent cache as an additional integrity check.
|
|
|
|
The Vault Proxy persistent cache file in Kubernetes should only be used for handing off Vault tokens
|
|
and leases between initialization and sidecar Vault Proxy containers. This cache file should be shared
|
|
using a memory volume between the Vault Proxy containers.
|
|
|
|
## Configuration
|
|
|
|
- `service_account_token_file` `(string: optional)` - When type is set to `kubernetes`,
|
|
this configures the path on disk where the Kubernetes service account token can be found.
|
|
Defaults to `/var/run/secrets/kubernetes.io/serviceaccount/token`.
|