Vault helmchart examples?


I am looking for a way to deploy the vault helm chart with a HA vault cluster storing it’s data in a S3 bucket for DR. Is this possible with the current chart? I see an option for RAFT storage, but I wanted to take it one step further… (

I looked at the hashicorp site for examples, but I don’t seem to see anything like that?

Also, is there an option for auto-unseal for on-prem deployments?



The following helm values should give you S3 with DynamoDB for HA:

      enabled: false
      enabled: false
      enabled: false
      enabled: true
      replicas: 3

      # config is a raw string of default configuration when using a Stateful
      # deployment. Default is to use a Consul for its HA storage backend.
      # This should be HCL.
      config: |
        storage "s3" {
          bucket     = "my-bucket"
          region     = "eu-west-1"
        ha_storage "dynamodb" {
          ha_enabled = "true"
          region     = "eu-west-1"
          table      = "my-table"

        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"


I guess you can tweak the config yourself if you want another HA scenario. On-prem seal/unseal is only supported with Enterprise edition and a HSM module. So yeah, on-prem auto-unseal is an expensive scenario :wink:

1 Like

Thanks for the example! Very helpful!

why vault: as a top level key ?

This example was taken from a chart where the Vault helm chart was a dependency of my chart.

You probably don’t need that top-level key if you use the Vault helm chart directly.

1 Like