Storage Migration tutorial - Consul to Integrated Storage | Vault - HashiCorp Learn makes it very clear to disable mlock:
NOTE: When using the Raft storage backend, it is strongly recommended to set
true, and to disable memory swapping on the system.
Server Configuration | Vault by HashiCorp (vaultproject.io) says the same thing:
mlockis strongly recommended if using integrated storage due to the fact that
mlockdoes not interact well with memory mapped files such as those created by BoltDB, which is used by Raft to track state.
vaultthe ability to use the mlock syscall without running the process as
root. The mlock syscall prevents memory from being swapped to disk.
Given that this page is actually titled “Vault Deployment Guide with Integrated Storage” (my emphasis) then shouldn’t this page not have that recommendation? Or am I misunderstanding the whole mlock thing?