1.15.4.7 Caching credentials

By default, credentials are fetched each time they're used. When many pipelines are configured this can result in a ton of requests to the credential server.

To reduce load on your credential server you may want to enable caching by setting the following env on the web node:

CONCOURSE_SECRET_CACHE_ENABLED=true

Enabling secret caching will cache secrets from both credential managers and from var sources.

By default, credentials will be cached for one minute at a time. This value can be increased to further reduce load on the server like so:

CONCOURSE_SECRET_CACHE_DURATION=5m # increase from 1m default

Credential cache duration can also determined by the credential manager itself - for example, if Vault returns a lease duration for a credential, the shorter value between the configured cache duration and the credential's lease duration will be used.

By default, the absence of a credential is also cached for 10 seconds so that Concourse doesn't keep looking for a misconfigured credential. This duration can be configured like so:

CONCOURSE_SECRET_CACHE_DURATION_NOTFOUND=1s # decrease from 10s default

1.1	Getting Started
1.2	Install
1.3	Auth & Teams
1.4	The `fly` CLI
1.5	Config Basics
1.6	Pipelines
1.7	Vars
1.8	Resources
1.9	Resource Types
1.10	Jobs
1.11	Steps
1.12	Tasks
1.13	Builds
1.14	How-To Guides
1.15	Operation
1.16	Observation
1.17	Internals