Does the Transit Secrets Engine have a limit to the number of named keys?

Hi, I reviewed the docs pretty thoroughly but I was unable to find an answer to my question. Does Vault impose a limit on the number of keys that can be created within the Transit Secrets Engine? The three pages in the documentation where I would guess this information would be present do not seem to indicate there is a limit:

  1. Limits and Maximums | Vault | HashiCorp Developer
  2. Transit - Secrets Engines | Vault | HashiCorp Developer
  3. Transit - Secrets Engines - HTTP API | Vault | HashiCorp Developer

In the absence of an explicit limit, I would assume that the limit is determined by the underlying storage solution for the Vault. Is that assumption correct?

Thank you!

Indeed. Like many things in Vault, it has no direct hard limit, but the more work you push it to do, there will of course be CPU, memory, and storage costs associated with that.

I know it’s not the easy answer you would prefer, but it really comes down to “do some load testing in a representative environment, with a representative workload, if you really need certainty”.

That’s understandable, thank you for sharing your insight, maxb. It’s more helpful than not being aware of a hard limit that I failed to discover in the docs :smile: