Gateway Caching

Important:

For ongoing Gateway configuration changes, always use the Gateway Configuration Manager, Akeyless CLI, or Helm values (for Kubernetes) to manage settings for the entire Gateway cluster.

Never configure only a single Gateway instance in a cluster. All instances in a cluster must be managed together using the supported tools above. Configuring only one instance, or making changes to individual containers or pods, will result in configuration drift, inconsistent behavior, and potential security or availability risks.

Avoid per-instance container startup command changes for routine updates. These should only be used for initial bootstrap or emergency recovery, not for ongoing management.

Use this section to choose the right Gateway caching method for your environment.

Cache Types

Gateway caching has four practical patterns to choose from:

| Type | Best for | Avoid when |
| --- | --- | --- |
| Runtime Caching | Standard request acceleration and reduced repeated SaaS fetches | You need all reads to always bypass cache |
| Proactive Caching | Pre-warming and refresh jobs to reduce first-read latency | Your environment is rate-limit constrained |
| Cluster Cache (Standalone) | Shared Redis cache for multi-pod Gateway with low operational overhead | You require cache failover across Redis node or pod failures |
| Cluster Cache High Availability (HA) | Sentinel-based high-availability cache service for resilient shared cache | You prefer the simplest deployment footprint and can accept standalone Redis risk |

Choosing a Caching Method

Use this starting decision flow:

  1. Start with runtime caching for most environments.
  2. Add proactive caching when you need faster first-read performance for frequently used secrets.
  3. Add standalone cluster cache when running multiple Gateway pods that should share cache state.
  4. Use Cluster Cache High Availability (HA) when shared cache availability across failures is a requirement.

For planning guidance and tradeoffs, see Gateway Best Practices: Caching strategy considerations.

For Kubernetes proactive cache sizing guidance, see Gateway Best Practices: Resource planning for Kubernetes proactive cache.

Configure in Gateway UI

To manage cache runtime settings from Gateway Configuration Manager:

  1. Open https://<your-gateway-url>:8000/console.
  2. Go to Gateways, then Your Gateway, then Manage Gateway, then Caching Configuration.
  3. Configure cache and proactive cache options.
  4. Save changes.

For Kubernetes deployment keys (globalConfig.clusterCache, cacheHA, and persistence options), see Helm Values Reference.

Use the Akeyless CLI to update cache runtime settings, for example:

akeyless gateway update cache \
--enable-cache true \
--enable-proactive true \
--stale-timeout 60 \
--minimum-fetch-interval 5 \
--gateway-url 'https://<Your-Akeyless-GW-URL>:8000'

ignore-cache Behavior

The ignore-cache flag is intended to bypass cache and fetch directly from SaaS.

akeyless get-secret-value --name /mysecret --ignore-cache true

In disconnected mode (when SaaS is unreachable), runtime still checks cache first even when ignore-cache=true. If the value is not cached, the request fails.
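
The following added example (a toy model written for this page, not Akeyless code) walks one secret through a rotation that happens while SaaS is unreachable, showing that a read with ignore-cache=true can still return the pre-rotation value from cache. The class and function names, the sample values, the cache-first path for normal reads, and the cache write on every SaaS fetch are assumptions of the model.

```python
"""Toy model of the Gateway read path (constructed; not Akeyless code)."""


class SecretUnavailable(Exception):
    """Neither SaaS nor the cache can serve the read."""


class GatewayModel:
    def __init__(self, saas):
        self.saas = saas            # dict standing in for the SaaS secret store
        self.cache = {}             # runtime cache held by the Gateway
        self.saas_reachable = True  # False models disconnected mode

    def get_secret_value(self, name, ignore_cache=False):
        """Return (value, source); source is 'saas' or 'cache'."""
        if not self.saas_reachable:
            # Disconnected mode: cache is checked first, even with ignore_cache=True.
            if name in self.cache:
                return self.cache[name], "cache"
            raise SecretUnavailable(f"{name}: SaaS unreachable and not cached")
        if not ignore_cache and name in self.cache:
            # Assumption: a normal read is served from cache when present.
            return self.cache[name], "cache"
        value = self.saas[name]     # direct fetch from SaaS
        self.cache[name] = value    # assumption: every SaaS fetch refreshes the cache
        return value, "saas"


def rotation_during_outage():
    """Constructed scenario: the secret is rotated while SaaS is unreachable."""
    saas = {"/mysecret": "v1"}      # constructed sample value
    gw = GatewayModel(saas)
    results = [gw.get_secret_value("/mysecret")]       # normal read fills the cache
    gw.saas_reachable = False       # Gateway enters disconnected mode
    saas["/mysecret"] = "v2"        # rotation happens upstream during the outage
    results.append(gw.get_secret_value("/mysecret", ignore_cache=True))
    try:
        gw.get_secret_value("/other", ignore_cache=True)   # never cached
    except SecretUnavailable:
        results.append(("<error>", "none"))
    gw.saas_reachable = True        # connectivity restored
    results.append(gw.get_secret_value("/mysecret", ignore_cache=True))
    return results


if __name__ == "__main__":
    for value, source in rotation_during_outage():
        print(f"{source:5} -> {value}")
```

Callers that pass ignore-cache=true to pick up a rotated value should therefore not treat a successful read as proof of freshness while the Gateway is disconnected.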

