HASHICORP VAULT STORAGE BACKEND DECISION TREE
With over 15 supported storage backends, it can be a bit of an arduous task to determine which storage backend should be used for a HashiCorp Vault deployment. The goal of this blog post is to help simplify that process with a simple visual decision tree that accounts for some of the common decision points when determining which storage backend to utilize for a deployment.
Development Storage Backend
The filesystem and In-memory storage backends are both great options for quickly getting started with HashiCorp Vault. The other storage backends require an external server(s) or service in order to start using them.
Preferred Production Storage Backend
The preferred storage backend is Hashicorp’s Consul product which is the only backend that checks both the high availability and Hashicorp supported boxes. The reference architecture created by HashiCorp details how Vault can be implemented in a highly available manner using HashiCorp consul.
Cloud Agnostic Highly Available Backend Options
The following storage backends are viable options for cloud agnostic solutions that allow any underlying IaaS platform to be used given that the backend isn’t tied to a particular cloud provider’s managed service.
- HashiCorp Consul
- Etcd
- Zookeeper
Cloud-Specific Backend Options
There a number of public cloud managed services that can be leveraged as a storage backend. The benefit of these options are that they are managed services provided by public cloud providers and become extremely compelling if there are existing workloads in one of those public clouds.
- AWS S3
- AWS DynamoDB
- Azure Storage Container
- Triton Manta Object Storage
- GCP Cloud Storage
- GCP Cloud Spanner
References
Hashicorp Storage Backend
HashiCorp Reference Architecture
(This blog post originally appeared on GreenReedTech.com.)