We have a deployed Vault instance in a Docker container, with a backend for storing secrets in Amazon S3.
Just as a test, we decided to check whether a second container would start on another host with the same backend, and were pleasantly surprised that everything works out of the box (writing, reading, and updating of secrets on any of the nodes happens synchronously). Now we are wondering whether this is a good solution if we begin using Traefik as a load balancer for these 2 instances.
Please tell us what risks we may face in such a configuration.
Running two masters in this manner can lead to consistency issues and/or corruption.
Multiple nodes should be set up in an HA configuration. Though S3 doesn't support HA, you can configure a second, HA-capable storage just for the HA portion.
Some prior discussion about this as well as links: https://groups.google.com/d/msg/vault-tool/lKMvrRsIfrU/cUzMavRNCgAJ
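
A sketch of the configuration the answer describes, added here as an example and not taken from the original thread: secrets stay in S3 while a separate `ha_storage` stanza supplies the lock that elects a single active node. DynamoDB is an assumed choice of HA-capable backend, and the bucket, table, region, hostnames and certificate paths are constructed placeholders.

```hcl
# vault.hcl for node 1 (node 2 is identical except api_addr / cluster_addr)

# Data storage: S3 holds the encrypted secrets but provides no locking,
# so on its own it cannot coordinate more than one Vault server.
storage "s3" {
  bucket = "example-vault-data"        # placeholder bucket name
  region = "eu-west-1"                 # placeholder region
}

# HA coordination only: the leader lock lives here, not the secrets.
# Exactly one node holds the lock and is active; the others are standbys.
ha_storage "dynamodb" {
  ha_enabled = "true"
  table      = "example-vault-ha-lock" # placeholder table name
  region     = "eu-west-1"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/vault/tls/vault.crt"   # placeholder path
  tls_key_file  = "/vault/tls/vault.key"   # placeholder path
}

# Required once ha_storage is set: the address clients are redirected to,
# and the address standbys use to forward requests to the active node.
api_addr     = "https://vault-1.example.internal:8200"
cluster_addr = "https://vault-1.example.internal:8201"
```

With this in place a load balancer can use `/v1/sys/health` as its health check: the active node answers 200 and an unsealed standby answers 429, so traffic is only routed to the node that holds the lock.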