HASHICORP VAULT STORAGE BACKEND DECISION TREE

With over 15 supported storage backends, it can be a bit of an arduous task to determine which storage backend should be used for a HashiCorp Vault deployment. The goal of this blog post is to help simplify that process with a simple visual decision tree that accounts for some of the common decision points when determining which storage backend to utilize for a deployment.

Development Storage Backend

 

The filesystem and In-memory storage backends are both great options for quickly getting started with HashiCorp Vault. The other storage backends require an external server(s) or service in order to start using them.

 

Preferred Production Storage Backend

 

The preferred storage backend is Hashicorp’s Consul product which is the only backend that checks both the high availability and Hashicorp supported boxes. The reference architecture created by HashiCorp details how Vault can be implemented in a highly available manner using HashiCorp consul.

 

Cloud Agnostic Highly Available Backend Options

 

The following storage backends are viable options for cloud agnostic solutions that allow any underlying IaaS platform to be used given that the backend isn’t tied to a particular cloud provider’s managed service.

 

  • HashiCorp Consul
  • Etcd
  • Zookeeper

Cloud-Specific Backend Options

 

There a number of public cloud managed services that can be leveraged as a storage backend. The benefit of these options are that they are managed services provided by public cloud providers and become extremely compelling if there are existing workloads in one of those public clouds.

 

  • AWS S3
  • AWS DynamoDB
  • Azure Storage Container
  • Triton Manta Object Storage
  • GCP Cloud Storage
  • GCP Cloud Spanner

References

Hashicorp Storage Backend
HashiCorp Reference Architecture

(This blog post originally appeared on GreenReedTech.com.)

 

Contributing Author: Martez Reed

SUBSCRIBE
Subscribe to the AHEAD I/O Newsletter for a periodic digest of all things apps, opps, and infrastructure.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.