Database Secret Engine: MS SQL - AlwaysOn Availability Groups Architecture

Hi Team,

Would really appreciate some help on a way of proper configuration for DB Secret Engines and MS SQL Servers with AlwaysOn Availability Groups Architecture.

I don’t have much experience with MS SQL and might be not preciese correct, please correct If I’m wrong. But in this HA mode, we can add “Clients” DB to Availability Group and sync them across servers. But that is not possible for Master DB where we have Logins.

When Vault generates a new credential it creates/deletes Login/users on Active instance only. And in case of switch over client lost connection with this lease. As an option we can extend creation/deletion statements with execution of stored procedure which does the sync. But with this way I might not have control over this procedure and outcome of it.

What would be a good way to sync creation/deletion of Logins between nodes here?


I’m on the same boat, seems like the current solution only works for the standalone box. Any forum user implementing on AlwaysOn HA cluster experience can share their experience please?