Hi. I’m about to operate a vault in kubernetes on AWS but I’m still undecided whether to use Integrated storage or S3 as a backend.
What I like about Integrated storage, is its promise to provide some on-demand atomic snapshot functionality via “operator raft snapshot save” (HashiCorp Learn)., given is is highly recommended to create such a backup before upgrading (in case you need to downgrade afterwards because of some grave problem, see Upgrading Vault - Guides | Vault by HashiCorp ). Do you have experience with doing similar atomic snapshots for s3? I’m worried that the backups might not give the same atomicity guarantee of the Integrated storage snapshots and thus potentially provide an inconsistent storage view from which vault could not necessarily restore from in the worst case
If this is a “lab” or “testing” then either is fine. If this is for production use integrated storage. If you’re using “enterprise” then you must use integrated storage for support purposes. Realistically with S3 as your storage you gain nothing.
The snapshot and inspect functionality (integrated storage) is fantastic and has been a very useful tools for me and us. I use a short short to copy the snapshots up to S3 with a nice lifecycle routine that manages the space for me. I would not recommend using S3 as your storage simply because Vault is very i/o latency sensitive and it’s just less headache and issues.