To use vault securely you must set the
disablemlock setting in the
values.yaml to false as per the Hashicorp Vault recommendation.
For non-production environments it is acceptable to leave this value set to true. However, this does enable a potential security issue where encrypted credentials could potentially be swapped onto an unencrypted disk. For this reason we recommend you always set this value to false to ensure mlock is enabled.
vault: disablemlock: true
vault: disablemlock: false