Delinea Credentials Cache

Delinea Credentials Cache is a web service that caches secrets from Secret Server or Delinea Platform and provides those secrets to clients. This service reduces the number of repeated API calls to the vault for the same secret, which improves performance. Delinea Credentials Cache can be deployed on Windows, Linux, or as a Docker container. The service is accessed over HTTP or HTTPS.

Delinea Credentials Cache works with Secret Server Cloud, Secret Server On-Premises, and Secret Server on the Platform.

Delinea Credential Cache Support for all types Of Secret template. The cache now captures and stores all types of secrets, including credentials, SSH private and public keys, certificates, PEM files, and tokens.

Event Pipeline-Based Secret Update

Problem Context

In some environments, background RPC processing may experience intermittent failures, delays in secret synchronization, and limited visibility into execution status. These issues can cause Delinea Credentials Cache to operate with outdated credentials, impacting downstream integrations and applications.

Solution

To address this, Delinea provides an event-driven approach that eliminates reliance on background RPC execution. This solution uses Secret Server Event Pipelines to proactively notify the Credentials Cache whenever a secret password changes. Rather than waiting for a TTL to expire, the cache is refreshed immediately after each change.

Key benefits:

• Secret updates are triggered immediately after a password change.
• Cache synchronization is more reliable and transparent than TTL-based expiration.
• Execution status and failures are visible through Event Pipeline monitoring.

Architecture Overview

The high-level flow is as follows:

1. A secret password changes in Secret Server.
2. The Event Pipeline Policy evaluates the trigger and finds a match.
3. A pipeline task is created and sent to the Distributed Engine.
4. The Distributed Engine executes the PowerShell script.
5. The script calls the Credentials Cache /api/secretchanged endpoint.
6. Credentials Cache fetches the updated secret from Secret Server.
7. The cache is refreshed successfully.

For implementation steps, see one of the following topics depending on your environment:

• Configuring Secret Server
• Configuring the Delinea Platform

Deployment Methods

Delinea Credentials Cache supports two deployment methods. Both methods provide access to the same API endpoints and Swagger UI.

	Standard Installation	Docker Container
Hosting	Windows (IIS) or Linux (Apache with systemd)	Docker on any host OS
Configuration	appsettings.json file	Environment variables (-e flags)
Certificate Management	Managed by IIS or the host OS certificate store	Mounted into the container via Docker volumes
Best For	Persistent server deployments with existing IIS or Apache infrastructure	Portable, repeatable deployments; environments already using containers

To deploy using a standard installation, see Installing Delinea Credentials Cache on Windows.
For Linux-specific configuration, see Installing Delinea Credentials Cache on Linux

To deploy using Docker, see Delinea Credential Cache Containerization.

Delinea Credentials Cache has been implemented and tested to improve performance in the following integrations:

• Integrating WebSphere Application Server with Delinea Using the JDBC Proxy Driver

• Integrating Tomcat Server with Delinea Using the JDBC Proxy Driver

• Integrating Secret Server with MID Server Credential Resolver

• Integrating the Delinea Platform with ServiceNow MID Server Credential Resolver

For more information about Delinea Credentials Cache, see the following topics: