Client-Side Response Caching Using Vault Agent
Oct 07, 2019
This talk will discuss features that existed in Vault Agent and explain the new caching functionality that came in Vault 1.1, followed by a demo.
Vault has features to improve performance-based scaling to meet a high number of read and write requests. These features include:
- Performance replication
- Performance standbys
- Batch tokens
However, external factors such as misconfigured clients and applications can cause problems. Ideally, clients should use their Vault tokens until they expire. Failing to do so creates a huge number of tokens, which places a write burden on Vault and can become problematic.
Vault Agent in cache mode provides a solution. In this mode, specific responses from Vault are cached on the client side. Whenever clients request new tokens, Vault Agent performs a cache lookup and returns the cached token response. This avoids creating fresh tokens, thereby reducing the write load on Vault. The same applies to leases: when clients request new credentials, Vault Agent performs a cache lookup and returns credentials with valid leases instead of requesting fresh ones. Vault Agent acts as a DDoS protector against misconfigured clients that continuously request credentials.
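A minimal Vault Agent configuration that turns on the cache mode described above, as an added example that is not taken from the talk. The Vault address, the AppRole auth method, the file paths and the listener port are assumptions chosen for illustration.

```hcl
# Added example: Vault Agent (1.1+) with client-side caching enabled.
# All addresses and paths below are placeholders.

vault {
  # Upstream Vault server that the agent forwards cache misses to.
  address = "https://vault.example.internal:8200"
}

auto_auth {
  # The agent authenticates once and renews its own token, so
  # applications do not each log in and create new tokens.
  method "approle" {
    config = {
      role_id_file_path   = "/etc/vault-agent/role_id"
      secret_id_file_path = "/etc/vault-agent/secret_id"
    }
  }
}

cache {
  # Requests that arrive without a token are sent with the agent's
  # auto-auth token. Any local process that can reach the listener
  # then acts with that token's policies, so keep those policies narrow.
  use_auto_auth_token = true
}

listener "tcp" {
  # Bind to loopback only. The cache returns tokens and leased
  # credentials to whoever connects, and this listener has no TLS.
  address     = "127.0.0.1:8100"
  tls_disable = true
}
```

Clients are pointed at the agent instead of the server, for example by setting `VAULT_AGENT_ADDR=http://127.0.0.1:8100`, so that repeated token and credential requests are answered from the cache.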
Vault Software Engineer, HashiCorp