Vault read performance issue with Kubernetes role with high number of policy


I’m currently using Vault on Kubernetes with Raft storage. We have some Kubernetes roles that have a high number of policy attached (3000) and we noticed some heavy CPU usage when using these roles. Also, read query are really slow.

I did not find anything about this being related but query on the same set of secrets with the root token do not incure high CPU usage and query are faster.

Should I just not used as much policy on a role, but in or case it is quite useful, or is there something happening that vault check policy with each query and take some time to “compute” the permissions ?

I’m really confused about this and unsure of what I should tweak if possible ?