Proxy Configuration
Learn about configuring a Proxy for vHSM
General Configuration Options
vault
Defines the remote Vault server connection.
auto_auth
Configures Auto-Auth functionality.
api_proxy
Sets API Proxy options.
cache
Defines caching behavior.
listener
Configures the listener for Vault Proxy.
pid_file
Stores the proxy’s process ID (PID).
exit_after_auth
If true, proxy exits after a successful auth.
disable_idle_connections
Disables idle connections (auto-auth, proxying).
disable_keep_alives
Disables keep-alive connections.
template
Configures secret templating.
telemetry
Reports runtime metrics.
Vault Stanza
Option
Description
address
Vault server address (https://vault.example.com:8200).
ca_cert
Path to CA certificate for SSL verification.
client_cert
Path to client TLS certificate.
client_key
Path to private key matching client_cert.
tls_skip_verify
Disables TLS verification (not recommended).
tls_server_name
Specifies SNI host name for TLS connections.
Retry Stanza
Option
Default
Description
num_retries
12
Number of retry attempts on failure (-1 to disable retries).
Listener Stanza
Option
Default
Description
require_request_header
false
Requires X-Vault-Request: true for added security.
role
default
Set to metrics_only for metrics access only.
proxy_api
<optional>
Manages Proxy API endpoints.
Proxy API Stanza
Option
Default
Description
enable_quit
false
Enables the quit API endpoint.
Telemetry Stanza
vHSM Proxy collects runtime metrics, including:
Metric
Description
vault.proxy.auth.failure
Count of authentication failures.
vault.proxy.auth.success
Count of authentication successes.
vault.proxy.proxy.success
Number of successfully proxied requests.
vault.proxy.proxy.client_error
Count of Vault API errors.
vault.proxy.proxy.error
Count of failed proxy requests.
vault.proxy.cache.hit
Number of cache hits.
vault.proxy.cache.miss
Number of cache misses.
Last updated
Was this helpful?