Skip to content



Figgy implements multiple levels of cache to maximize performance.


Remote cache:#

DynamoDB is leveraged as a remote cache for Figgy and is deployed as part of the standard Figgy Footprint.

DynamoDB was chosen for the following reasons:

  • Serverless
  • Highly performant
  • Supports native AWS IAM authentication & authorization
  • Native streaming data integrations which are useful for our use cases
  • Supports record TTLs for auto-cache expiration
  • Inexpensive and immensely scalable

The figgy-config-cache DyanmoDB table will be provisioned in every Figgy integrated AWS environment and is required. Without this cache Figgy would be required to continually query rate-limited AWS ParameterStore APIs. Paginating these APIs is a very slow operation and would greatly affect Figgy CLI performance.

Like the Figgy audit log, the remote figgy-config-cache table is maintained and updated by Lambdas triggered by AWS CloudTrail events. These events are triggered by change operations on ParameterStore values.

Local cache: ~/.figgy/cache/#

A local cache is used for storing various user-configured preferences and non-secret data; including a list of currently active parameter names in each environment. On each run, the Figgy CLI queries a remote cache to retrieve a list of updates since the last Figgy CLI execution and applies these changes to the local cache. These values inform auto-complete recommendations and the Browse Tree.

Anonymous usage metrics are also logged in a local cache. These metrics are always logged locally, but are only reported if the user has enabled anonymous usage metric reporting.

Local encrypted cache: ~/.figgy/lockbox/#

Also known as the "Figgy Vault", the Figgy CLI caches SSO and AWS STS temporary session credentials in a local encrypted cache. This encrypted cache is tapped as-needed in subsequent Figgy executions. SSO session duration is based on the remote party's (OKTA / Google) session duration configurations and will be refreshed when existing cached sessions expire.