We plan on using Vault Enterprise behind a load balancer which will likely be haproxy. I was thinking of using haproxy to send any PUT requests to the active node and any GET requests to the active node or performance standbys. This will avoid the standby’s having to then redirect writes to the active node.
I’m thinking we would check for a 200/473 status and also if the request is a read or write.
From researching we’d likely need http mode and haproxy will need to decrypt on receiving the traffic and re-encrypt it before sending to the Vault nodes. Does this sound workable?