Memory usage with file storage

venkannat · April 19, 2021, 3:01pm

Hello,

We have low memory platforms where memory usage is a concern and we want to use vault for storing some secrets and query using telegraf

We are using simple file storage as shown below

storage “file” {
path = “/var/lib/vault/”
}

With this, we are seeing ~190MB memory usage, and with mlock disabled I am seeing ~56MB.
/usr/local/bin/vault server -config=/etc/vault_config.hcl
Address Kbytes RSS Dirty Mode Mapping
0000000000400000 36700 36700 0 r-x-- vault
00000000027d7000 49768 49768 0 r---- vault
0000000005871000 568 568 568 rw— vault
00000000058ff000 196 196 196 rw— [ anon ]
000000c000000000 65536 65536 65536 rw— [ anon ]
0000146789a8c000 37316 37316 37316 rw— [ anon ]
00007ffd37067000 132 132 132 rw— [ stack ]
00007ffd3717a000 12 0 0 r---- [ anon ]
00007ffd3717d000 8 8 0 r-x-- [ anon ]
ffffffffff600000 4 0 0 r-x-- [ anon ]
---------------- ------- ------- -------
total kB 190240 190224 103748

with mlock disabled
Address Kbytes RSS Dirty Mode Mapping
0000000000400000 36700 23196 0 r-x-- vault
00000000027d7000 49752 22436 0 r---- vault
000000000586d000 568 504 92 rw— vault
00000000058fb000 196 116 116 rw— [ anon ]
000000c000000000 65536 8304 8304 rw— [ anon ]
000014a6059d5000 37316 596 596 rw— [ anon ]
00007fffe67bf000 132 12 12 rw— [ stack ]
00007fffe67f0000 12 0 0 r---- [ anon ]
00007fffe67f3000 8 4 0 r-x-- [ anon ]
ffffffffff600000 4 0 0 r-x-- [ anon ]
---------------- ------- ------- -------
total kB 190224 55168 9120

as per documentation mlock disable is not recommended as swap on our systems is NOT encrypted, but disk may be encrypted.

So, I want to understand how I can reduce the memory used by Vault in above scenario where some how I configure to minimum possible values and lock only few pages instead ~100MB seen.
Also on the code front, can I reduce further size of vault by removing any optional modules possible (No HA, No Replication, No Consul, No integrated memory etc. which are not used for above simple configuration?)

Please do let me know if there are any other ways possible apart from file storage option (but that should not result in adding more modules etc. which will in turn increase memory usage ultimately)

Thanks,
VT