Cache Expiration Control

Credential cache relies on a Time-to-Live (TTL), which is 10 minutes by default. Once the TTL expires, the next request for the same secret will always fetch the updated value from Secret Server. If a secret is rotated within the TTL window (i.e., within 10 minutes), the cache returning the old value is expected behavior. Cache stores any secret that is requested via the API. It is not limited to MID Server credentials.

You can configure how long secrets remain cached before expiring by modifying the cache expiration setting.

Configuration Location

The cache expiration setting is located in the appsettings.json file in your Credentials Cache installation directory on the Distributed Engine.

File Path:

• For Windows: Navigate to [Distributed-Engine-Root]\wwwroot\[DelineaCredentialCache-folder]\appsettings.json
• For Linux: Navigate to [credcache-installation-directory]/appsettings.json

Setting Details

Parameter:CredentialCacheExpirationMinutes

Default Value: 10 minutes

Description: This setting determines how long a cached secret remains valid before expiring and being automatically removed from the cache.

To modify the cache expiration:

1. Open the appsettings.json file in a text editor.
2. Locate the CredentialCacheExpirationMinutes parameter.
3. Set the value to your desired expiration time (in minutes).
   • Example: Set to 15 for 15 minutes, 20 for 20 minutes, etc.
4. Save the file.
5. Restart the Credentials Cache service for changes to take effect.

Example Configuration:

                {
                "CredentialCacheExpirationMinutes": 10,
                "LogPath": "C:\\DCC\\Logs",
                "EnableLogging": true
                }
            

Additional Settings:

The appsettings.json file also contains the following settings:

• LogPath: Specifies the directory where log files are stored
• EnableLogging: Set to true to enable logging or false to disable log writing