Proxy Configuration

Learn about configuring a Proxy for vHSM

General Configuration Options

| Option | Description |
| --- | --- |
| vault | Defines the remote Vault server connection. |
| auto_auth | Configures Auto-Auth functionality. |
| api_proxy | Sets API Proxy options. |
| cache | Defines caching behavior. |
| listener | Configures the listener for Vault Proxy. |
| pid_file | Stores the proxy’s process ID (PID). |
| exit_after_auth | If true, proxy exits after a successful auth. |
| disable_idle_connections | Disables idle connections (auto-auth, proxying). |
| disable_keep_alives | Disables keep-alive connections. |
| template | Configures secret templating. |
| telemetry | Reports runtime metrics. |

Vault Stanza

| Option | Description |
| --- | --- |
| address | Vault server address (https://vault.example.com:8200). |
| ca_cert | Path to CA certificate for SSL verification. |
| client_cert | Path to client TLS certificate. |
| client_key | Path to private key matching client_cert. |
| tls_skip_verify | Disables TLS verification (not recommended). |
| tls_server_name | Specifies SNI host name for TLS connections. |

Retry Stanza

| Option | Default | Description |
| --- | --- | --- |
| num_retries | 12 | Number of retry attempts on failure (-1 to disable retries). |

Listener Stanza

| Option | Default | Description |
| --- | --- | --- |
| require_request_header | false | Requires X-Vault-Request: true for added security. |
| role | default | Set to metrics_only for metrics access only. |
| proxy_api | &lt;optional&gt; | Manages Proxy API endpoints. |

Proxy API Stanza

| Option | Default | Description |
| --- | --- | --- |
| enable_quit | false | Enables the quit API endpoint. |
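
A configuration that ties the vault, retry, listener and proxy_api stanzas together with the safer value for each security-relevant option. This is an added example, not taken from the vHSM documentation. The file paths, the listener addresses, the `address` and `tls_disable` listener keys, and the nesting of `retry` inside `vault` are assumptions carried over from upstream Vault Proxy syntax.

```hcl
# Added example, not from the vHSM documentation.
# All paths and listener addresses are constructed placeholders.

pid_file = "/run/vhsm-proxy/proxy.pid"

vault {
  address         = "https://vault.example.com:8200"
  ca_cert         = "/etc/vhsm-proxy/tls/ca.pem"         # CA used to verify the server certificate
  client_cert     = "/etc/vhsm-proxy/tls/client.pem"     # client certificate for mutual TLS
  client_key      = "/etc/vhsm-proxy/tls/client-key.pem" # must match client_cert; restrict file permissions
  tls_server_name = "vault.example.com"                  # SNI host name, should match the server certificate

  # Weak setting: tls_skip_verify = true turns off certificate verification,
  # so the proxy would accept any server that answers on this address.
  tls_skip_verify = false

  # Assumption: retry nests inside vault, as in upstream Vault Proxy.
  retry {
    num_retries = 12 # the documented default; -1 disables retries
  }
}

# Listener for proxied API traffic.
listener "tcp" {
  address     = "127.0.0.1:8100" # assumption (upstream key): bind to loopback only
  tls_disable = true             # assumption (upstream key): plain HTTP, acceptable only on loopback

  # Default is false. With true, requests without the header
  # "X-Vault-Request: true" are rejected.
  require_request_header = true

  role = "default"

  proxy_api {
    # Default is false. Leave the quit endpoint off unless something
    # local really needs to stop the proxy over HTTP.
    enable_quit = false
  }
}

# Separate listener that exposes metrics only, so a monitoring agent
# never gets a path to the proxied API.
listener "tcp" {
  address     = "127.0.0.1:8101" # assumption: constructed address
  tls_disable = true             # assumption (upstream key)
  role        = "metrics_only"
}
```

Clients of the first listener must add the `X-Vault-Request: true` header to every request once `require_request_header` is enabled.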

Telemetry Stanza

vHSM Proxy collects runtime metrics, including:

| Metric | Description |
| --- | --- |
| vault.proxy.auth.failure | Count of authentication failures. |
| vault.proxy.auth.success | Count of authentication successes. |
| vault.proxy.proxy.success | Number of successfully proxied requests. |
| vault.proxy.proxy.client_error | Count of Vault API errors. |
| vault.proxy.proxy.error | Count of failed proxy requests. |
| vault.proxy.cache.hit | Number of cache hits. |
| vault.proxy.cache.miss | Number of cache misses. |
