What's the normal Vault latency?

Google Cloud Apigee
1

We’re using the vault to store key/cert/password being used by Node.js application. There seems to be about 10ms latency in reading the values out.

Does this sound about right..? 10ms seems a lot in the grand scheme of API performance. Is there a way to improve the perfomance?

2

@Dave Pickard - Presumably, you are using the

GET /o/{organization}/vaults/{name}/entries/{entryname} api to retrieve the entry ? If yes, Does it take 10 ms even if you were to run the api from outside node too ?

If not, Could you elaborate on how exactly you are reading the values and measuring the time ?

3

Here’s the code. One (key!) detail I did miss above was that there are 3 parallel reads.

        var d1 = new Date();
        var t1 = d1.getTime();
        console.log("Start time:" + t1);
        var orgVault = apigee.getVault('vaultname', 'environment');   
        async.parallel(
            [
                function(callback) {
                    orgVault.get('key', function(err, key) {
                        callback(err, key);
                    }); 
                },
                function(callback) {
                    orgVault.get('cert', function(err, cert) {
                        callback(err, cert);
                    }); 
                },
                function(callback) {
                    orgVault.get('password', function(err, password) {
                        callback(err, password);
                    }); 
                }
            ],
            function(error, results) {
                if(error) {
                    ...
                } else {
                    var key = results[0];
                    var cert = results[1];
                    var password = results[2];
                       
                    var d2 = new Date();
                    var t2 = d2.getTime();
                    console.log("End time:" + t2);

                    ...
                }
            }
        );
4

Here’s the code. One (key!) detail I did miss above was that there are 3 parallel reads.

        var d1 = new Date();
        var t1 = d1.getTime();
        console.log("Start time:" + t1);
        var orgVault = apigee.getVault('vaultname', 'environment');   
        async.parallel(
            [
                function(callback) {
                    orgVault.get('key', function(err, key) {
                        callback(err, key);
                    }); 
                },
                function(callback) {
                    orgVault.get('cert', function(err, cert) {
                        callback(err, cert);
                    }); 
                },
                function(callback) {
                    orgVault.get('password', function(err, password) {
                        callback(err, password);
                    }); 
                }
            ],
            function(error, results) {
                if(error) {
                    ...
                } else {
                    var key = results[0];
                    var cert = results[1];
                    var password = results[2];
                       
                    var d2 = new Date();
                    var t2 = d2.getTime();
                    console.log("End time:" + t2);

                    ...
                }
            }
        );
5

Take into account that Apigee needs to load node.js librarya, execute the code (include decrypting the value) and vaults are stored using Cassandra. For what I have read in future release of Apigee this could be supported in a native policy in Apigee.