Vault HA meant to span multiple networks and machines (with local raft storage)

Is a vault HA cluster with local (raft) storage on each instance also fine with the instances spread over multiple networks on multiple machines? I guess what I want to know is whether it is purely meant for HA or also for replication.

I.e. if you had comparably low traffic to vault overall, and were mainly concerned with it being reachable and synchronized, would a raft storage backed Vault HA cluster having cluster members in two or three different internal networks on a few different machines be fine?

Let’s say all clients in 192.168.1.0/24 would use a vault instance on a machine in their network with IP 192.168.0.11, all clients in 192.168.2.0/24 an instance at a different machine with 192.168.0.22, all clients in 192.168.3.0/24 yet another with IP 192.168.0.33.
Assuming 192.168.0.11 as the HA leader and 192.168.0.22, 33, etc. joining its cluster.
Let’s also say the different 192.168.x.0/24 networks are isolated from each other, except for all the vault cluster members being connected.

Would that be a valid use case, or is HA meant purely for load balancing and fault tolerance and using it for replication is a bad idea? Again, in a relatively small scale, where a single machine and network could easily handle all the requests and with regular data backups, of course.
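For reference, an added example (not part of the original post) of what the per-node server config for the design above would look like with Integrated Storage, here for the member at 192.168.0.22; it assumes the raft cluster port (8201) is routable between the otherwise isolated networks and uses placeholder certificate paths:

```hcl
# Added example, not from the thread: Vault server config for the node at 192.168.0.22.
# Assumes Integrated Storage (raft) and that 8201 is reachable from 192.168.0.11 and .33.
disable_mlock = true

# Address clients in this node's network use (API port).
api_addr     = "https://192.168.0.22:8200"
# Address the other raft members use for replication and request forwarding;
# this is the port that must cross the network boundary, not 8200.
cluster_addr = "https://192.168.0.22:8201"

listener "tcp" {
  address         = "0.0.0.0:8200"
  cluster_address = "0.0.0.0:8201"
  tls_cert_file   = "/etc/vault.d/vault.crt"   # placeholder
  tls_key_file    = "/etc/vault.d/vault.key"   # placeholder
}

storage "raft" {
  path    = "/opt/vault/data"                  # local raft data dir on this machine
  node_id = "vault-net2"                       # unique per member

  # List every peer, not only the node that was leader at bootstrap time,
  # so this member can rejoin whichever node currently holds leadership.
  retry_join {
    leader_api_addr     = "https://192.168.0.11:8200"
    leader_ca_cert_file = "/etc/vault.d/ca.crt"  # placeholder
  }
  retry_join {
    leader_api_addr     = "https://192.168.0.22:8200"
    leader_ca_cert_file = "/etc/vault.d/ca.crt"
  }
  retry_join {
    leader_api_addr     = "https://192.168.0.33:8200"
    leader_ca_cert_file = "/etc/vault.d/ca.crt"
  }
}
```

Each raft member keeps a full copy of the data, and standby nodes forward client requests to the active node over the cluster port, so the isolation between the 192.168.x.0/24 networks must still allow 8201 between all three members or the cluster loses quorum and forwarding. With three members, one unreachable network leaves two voters, which is still a quorum; two unreachable networks stop writes on the remaining node.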

I think you’re confusing HA (high availability) and PR (performance replicas).

HA = a cold standby. Clients cannot connect to the HA instance until it becomes “primary”.

PR = Performance replica, a read-only instance for moving some of the load from the primary cluster away somewhere else, and is closer to your design.

PRs handle their own lease activity (leases are not replicated up or down between instances). Any changes to secrets are sent from the PR to the primary leader node to be actually written to storage. PRs have a full copy of the vault data and can provide READ and LIST to the client.