How to specify Plugin resource constraints

We have seen a few occurrences of a Vault plugin taking up too many resources on the Vault node and atleast once causing Vault to seal as a result. The plugin in question often has multiple processes spawned when one of the upstream services that it connects to goes down. Is there a way to restrict the number of forks and amount of resources for a custom plugin - cpu, memory, open connections, etc.? I could not find anything in the Vault docs. Any references to the best practices would be recommended.

We have had some trouble with timeouts on Postgress and Oracle and neither seem to support any timeout updates through configurations, at least by the documentation that I have found.

I’m working with support to see if there is any other way around this or if it’s a enhancement request.

If it’s possible to do so (I don’t think it’ll be easy), my guess would be some sort of custom code or patch for the plugin if the source is in github.

Having robust plugins would definitely help but having ability to restrict resources available to the plugin would be better as it would guard against misbehaving plugins. Since the custom plugins run as child processes of the main vault process, constraining them using is resource limit might be helpful. At this point, I am looking for available options/best practices. Happy to explore possibilities of an enhancement to the vault plugin spawner if needed.