Hello,
I’m planning to deploy Vault and want to know what is the best storage backed on AWS (Dynamo DB or Consul running on EKS with EBS volume ) .
BRs,
Bilel
Unless you’re testing or in a dev environment, stay away from Dynamo or any other SQL (or non-SQL) based systems. If you’re in enterprise, Consul and Integerated Storage are the only backends that are supported by Hashicorp.
Otherwise, depends on your usage, and the machine type you’re planning on using. In most cases if you’re using a recent version of Vault, you’re better off just using integrated storage – makes life easier, less usage. Just keep in mind that IS is disk I/O bound and requires very fast disks.
We (Semi-large setup) and I (home lab) are still using Consul as our backend. It’s memory bound and very very fast.
Hey @aram, thanks for your replay currently i use both consul and vault : consul as a k/v store and vault as a secret manager , the goal is that it may be better to decouple the 2 solutions i mean in case i’ll have a problem in consul it will not affect vautl secret .
Note :my environnent is EKS .
Yes, that’s typical setup. The new recommended solution is to do integrated storage with Vault. Unless you’re going to keep Consul as a DNS service-resolution anyway, there is no advantage of keeping Consul and using it as the store.