Gateway Cache

Overview

When Gateway Cache is enabled, it works for all types of secrets.

The most straightforward use cases are the following:

  • The Gateway Cache is used to improve performance when fetching secrets.

  • The Proactive Cache enables storing all types of secrets in the Gateway Cache in advance upon successful user authentication.

Configure the Gateway Cache

To enable and configure the Gateway Cache:

  1. Open the Akeyless Gateway Configuration Manager at https://Your_Akeyless_Gateway_URL:8000.

  2. On the menu bar at the left, click Caching.

  3. Select the Enable Cache checkbox.

  4. Set the Stale Timeout value. This is the time (in minutes) during which a secret should be kept in the cache. The secret is deleted from the cache at the end of this period. By default, cached secrets will expire after 60 minutes.

  5. Click Save Changes.

👍

Note

Usually, after the “Stale Timeout” period expires for a secret, the secret is deleted from the Gateway Cache.

When Proactive Caching is enabled and there is no internet connection, the Gateway Cache won’t delete old items until the internet connection is restored.

Configure the Proactive Cache

The Proactive Cache fetches from the Akeyless Cloud and stores in the Gateway Cache all secrets upon successful authentication (based on the user access policy).

For backup purposes, all those secrets are also saved in an encrypted storage file (~/tmp/cache.dat).

To ensure continuous work upon Gateway restart, you might consider working with persistence storage mounted to your instance for Docker deployments.

To enable and configure the Proactive Cache:

  1. Open the Akeyless Gateway Configuration Manager at https://Your_Akeyless_Gateway_URL:8000.

  2. On the menu bar at the left, click Caching.

  3. Select the Enable Proactive Caching checkbox.

  4. Set the Minimum Fetching Interval value. This setting instructs the system to update secrets in the cache if they are older than the specified value. By default, each secret kept in the cache for more than 5 minutes will be re-requested from the Akeyless Cloud or the local Gateway.

  5. Set the Secure Backup Interval value. This is the time (in minutes) between the two consecutive backups. By default, every minute, a snapshot with the current contents of the Gateway Cache is saved to the storage file.

  6. Click Save Changes.

Bypass Cache

When Cache is enabled by default, any client that requests a secret from the relevant Gateway will receive the latest cached value of the secret. To work directly with the Akeyless SaaS, to ensure you are retrieving the latest value of the secret, you can specify the ignore-cache setting as part of the request to by-pass the cache mechanism :

akeyless get-secret-value -n /mysecret --ignore-cache true