Open
Description
I'd like to know the HashiCorp position on this, whether it's a desirable addition to client libraries or not, basically. I'd very much like to use Vault as a system for dynamically retrieving runtime secrets every time they need to be used - this would help to facilitate rapid rotation and freshness of credentials as per best practices. For some of our systems though, this will mean retrieving secrets very frequently - potentially numerous times per second.
I have two concerns with this:
- The eventual saturation of the Vault cluster with requests and addition of any latency to and from the Vault cluster on every operation of our applications, adding to their overall request servicing latency.
- How to mitigate the impact on applications when Vault is down for maintenance or due to error.
Caching for a small period could mitigate both of these problems. Is there any interest in building this capability into the client library for Vault?
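
The short-lived caching proposed above, sketched as an added example that is not part of the original issue or of any HashiCorp client library. `CachedSecretReader`, its parameters and the `fetch` callable are hypothetical names; `fetch` stands in for whatever call performs the real Vault read, and the backend in `demo()` is constructed.

```python
import threading
import time


class CachedSecretReader:
    """Short-TTL cache with bounded stale fallback (hypothetical wrapper)."""

    def __init__(self, fetch, ttl=5.0, max_stale=60.0, clock=time.monotonic):
        self._fetch = fetch          # assumed: callable doing the real Vault read
        self._ttl = ttl              # serve from memory for this many seconds
        self._max_stale = max_stale  # outage grace period beyond the TTL
        self._clock = clock
        self._entries = {}           # path -> (fetched_at, secret)
        self._lock = threading.Lock()

    def read(self, path):
        # One lock for the whole read: concurrent callers wait for a single
        # refresh instead of each sending their own request to the cluster.
        with self._lock:
            now = self._clock()
            entry = self._entries.get(path)
            if entry and now - entry[0] < self._ttl:
                return entry[1]                  # fresh hit, no request sent
            try:
                secret = self._fetch(path)
            except Exception:
                # Vault unreachable: reuse the last value, but only inside the
                # grace window so a rotated secret is not served indefinitely.
                if entry and now - entry[0] < self._ttl + self._max_stale:
                    return entry[1]
                self._entries.pop(path, None)    # drop expired secret material
                raise
            self._entries[path] = (now, secret)
            return secret


def demo():
    state = {"calls": 0, "down": False, "now": 0.0}

    def fake_fetch(path):            # constructed stand-in for a Vault read
        if state["down"]:
            raise ConnectionError("vault unavailable")
        state["calls"] += 1
        return {"password": "v%d" % state["calls"]}

    reader = CachedSecretReader(fake_fetch, ttl=5, max_stale=60,
                                clock=lambda: state["now"])
    seen = []
    for t, down in [(0, False), (3, False), (6, False), (20, True)]:
        state["now"], state["down"] = t, down
        seen.append(reader.read("secret/app/db")["password"])
    return seen, state["calls"]
```

Keep `ttl + max_stale` shorter than the secret's rotation interval or lease, since a cached value stays usable for that long after it was fetched.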