Is there a mechanism to synchronize KV secrets engine secrets from one instance of Vault (Enterprise) to another one? I’m guessing that it would be possible to do this with VSO or ESO, however there are no Kubernetes clusters that would be suitable for deploying these operators.
Vault Enterprise has a replication feature that replicates data from a primary cluster to a secondary cluster.
In Performance Replication, secondaries keep track of their own tokens and leases but share the underlying configuration, policies, and supporting secrets (KV values, encryption keys for transit, etc.).
- Replication - Vault Enterprise | Vault | HashiCorp Developer
- Enable performance replication | Vault | HashiCorp Developer
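The setup described in the answer above, sketched as an added example that is not part of the original thread: it enables performance replication on a primary, activates a secondary, and checks that a KV value written on the primary is readable on the secondary. The cluster addresses, the secondary id, the KV mount `secret/` and the key `repl-check` are placeholders assumed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Cluster addresses, the secondary id,
# the KV mount "secret/" and the key "repl-check" are placeholders.
set -eu
PRIMARY_ADDR="${PRIMARY_ADDR:-https://vault-primary.example.com:8200}"
SECONDARY_ADDR="${SECONDARY_ADDR:-https://vault-secondary.example.com:8200}"
PRIMARY_TOKEN="${PRIMARY_TOKEN:-}"
SECONDARY_TOKEN="${SECONDARY_TOKEN:-}"

# vault_at ADDR TOKEN ARGS...: run the vault CLI against one cluster.
# DRY_RUN=1 prints the command (without the token) instead of running it.
vault_at() {
  _addr="$1"; _token="$2"; shift 2
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "VAULT_ADDR=$_addr vault $*"
  else
    VAULT_ADDR="$_addr" VAULT_TOKEN="$_token" vault "$@"
  fi
}

enable_primary() {
  vault_at "$PRIMARY_ADDR" "$PRIMARY_TOKEN" write -f sys/replication/performance/primary/enable
}

# Prints a single-use, wrapped activation token for the named secondary.
secondary_token() {
  vault_at "$PRIMARY_ADDR" "$PRIMARY_TOKEN" write -field=wrapping_token \
    sys/replication/performance/primary/secondary-token id="$1"
}

# Enabling a secondary erases whatever that cluster stored before.
enable_secondary() {
  vault_at "$SECONDARY_ADDR" "$SECONDARY_TOKEN" write \
    sys/replication/performance/secondary/enable token="$1" primary_api_addr="$PRIMARY_ADDR"
}

# Write a marker on the primary, read it back from the secondary.
# SECONDARY_TOKEN must be issued on the secondary after activation: tokens are not replicated.
verify_kv() {
  _marker="repl-$(date +%s)"
  vault_at "$PRIMARY_ADDR" "$PRIMARY_TOKEN" kv put secret/repl-check value="$_marker" >/dev/null
  sleep 2
  [ "$(vault_at "$SECONDARY_ADDR" "$SECONDARY_TOKEN" kv get -field=value secret/repl-check)" = "$_marker" ]
}

case "${1:-}" in
  setup)  enable_primary; enable_secondary "$(secondary_token "${2:-secondary-1}")" ;;
  verify) verify_kv && echo "KV secret replicated" ;;
esac
```

Run it with `setup` first, then `verify` once a token has been obtained on the secondary; setting `DRY_RUN=1` shows the commands without touching either cluster.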