status-im / infra-template

Infrastructure fleet template
Vault lookup - Add cache #13

Open apentori opened 1 month ago

apentori commented 1 month ago

In order to make the lookup plugin faster, it could be cool to add a cache to store the secret object during the playbook execution in order to reduce the number of calls to Vault.

jakubgs commented 1 week ago

The cache would obviously have to be encrypted, for example with a GPG public key.

I can see at least 3 ways to do this:

  1. Cache is permanent and stays in user home.
  2. Cache is temporary in /tmp and is attached to its parent Ansible process.
  3. Cache is temporary in /tmp and time-based, old versions removed.

In general I'm leaning towards the temporary approach, but we can start with a simple permanent solution in user home and go from there to develop a good temporary approach. The issue with the temporary approach is that you probably can't tell which Ansible call to the lookup plugin is the last in a given Ansible run.
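
A sketch of option 3 (time-based cache, old entries removed), added here as an illustration; it is not part of the comments above or of the repository's lookup plugin. `SecretCache`, the `loader` callable, the TTL value and the cache directory are assumptions, and the GPG helpers assume `gpg` is on the PATH with the recipient's public key imported.

```python
import contextlib, hashlib, os, stat, subprocess, tempfile, time

def gpg_encrypt(data, recipient):
    cmd = ["gpg", "--batch", "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout

def gpg_decrypt(blob):
    cmd = ["gpg", "--batch", "--quiet", "--decrypt"]
    return subprocess.run(cmd, input=blob, capture_output=True, check=True).stdout

class SecretCache:
    def __init__(self, directory, encrypt, decrypt=gpg_decrypt, ttl=300):
        self.dir, self.encrypt, self.decrypt, self.ttl = directory, encrypt, decrypt, ttl
        os.makedirs(directory, mode=0o700, exist_ok=True)
        st = os.lstat(directory)
        # /tmp is shared: refuse a symlink or a directory someone else owns or can enter.
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid() or st.st_mode & 0o077:
            raise PermissionError(f"unsafe cache directory: {directory}")

    def _path(self, key):
        # Hash the secret path so file names reveal nothing about what is cached.
        return os.path.join(self.dir, hashlib.sha256(key.encode()).hexdigest())

    def prune(self):  # option 3: every call drops entries older than the TTL
        for entry in os.scandir(self.dir):
            with contextlib.suppress(FileNotFoundError):  # a parallel fork may win the race
                if time.time() - entry.stat(follow_symlinks=False).st_mtime > self.ttl:
                    os.unlink(entry.path)

    def get(self, key):
        self.prune()
        try:
            with open(self._path(key), "rb") as fh:
                return self.decrypt(fh.read())
        except FileNotFoundError:
            return None

    def put(self, key, secret):
        fd, tmp = tempfile.mkstemp(dir=self.dir)  # created with mode 0600
        with os.fdopen(fd, "wb") as fh:
            fh.write(self.encrypt(secret))
        os.replace(tmp, self._path(key))  # atomic: readers never see a partial file

    def fetch(self, key, loader):  # loader: hypothetical callable doing the real Vault read
        cached = self.get(key)
        if cached is None:
            cached = loader()
            self.put(key, cached)
        return cached
```

Because expiry is driven by file mtime on every call, this variant does not need to know which lookup call is the last one in a run.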