# template\_config

The **`template_config` stanza** sets the global defaults for the templating engine. It can only appear once in the configuration and applies to all templates managed by the vHSM Agent. While the `template` stanza controls how and where a particular secret is rendered, `template_config` defines how the templating engine itself behaves and integrates with the rest of the agent. These settings cover aspects such as exit behavior on failures and system-wide rendering policies. Over time, additional parameters may be introduced that affect the engine’s global operation.

The **`template` stanza** defines how the vHSM Agent renders a specific secret to a file, using [Consul Template](https://github.com/hashicorp/consul-template/blob/main/docs/templating-language.md) syntax. Unlike `template_config`, multiple `template` stanzas can be declared, allowing you to render different secrets into different files as needed.

When the vHSM Agent is started with templating enabled, it will attempt to acquire a vHSM token using the configured [auto-auth method](/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/auto_auth.md). On failure, it will back off for a short while including some randomness to help prevent thundering herd scenarios and retry. On success, secrets defined in the templates will be retrieved from vHSM and rendered locally.

#### Example `template_config`

```hcl
template_config {
  exit_on_retry_failure         = true
  static_secret_render_interval = "10m"
  max_connections_per_host      = 20
  lease_renewal_threshold       = 0.9
}
```

#### Parameters

* **`exit_on_retry_failure`** *(Boolean, Optional, default: false)*\
  If set to `true`, the agent will exit when template rendering fails permanently after retries. When `false`, the agent continues retrying. Use this to enforce strict template availability.
* **`static_secret_render_interval`** *(Duration string, Optional)*\
  Specifies how often *static secrets* (non-leased, non-renewable ones such as KV v2 secrets) are re-rendered. For example, `"10m"` means every 10 minutes. If this is not set, static secrets are not automatically re-rendered unless other triggers occur.
* **`max_connections_per_host`** *(Integer, Optional, default: 10)*\
  Limits how many simultaneous HTTP connections the templating engine uses when talking to the vHSM server for each host. Helps avoid overloading the server or running into connection limits.
* **`lease_renewal_threshold`** *(Float, Optional, default: 0.9)*\
  For dynamic or leased secrets (including tokens), specifies the fraction of the lease duration after which renewal is attempted. For example, `0.9` means: renew when 90% of the lease time has elapsed.

***


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/template_config.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.