Vault Policy Based Storage Solution

I am looking to stand up an HA instance of Vault but have a potential requirement to be able to enforce a role-based storage strategy, with secrets based on a role(s) being written to a separate storage backend.

This would allow us to further restrict who has access to the devices that the secrets are located on, as well as provide a separation of data between types of secrets.

General secrets role uses DeviceA = all administrators have access,
11 Herbs and Spices recipe role uses DeviceB = a subset of all administrators will have access.

I am aware that when using local storage the data store will be encrypted.

No, there’s nothing in Vault like this.

You’d need to use separate Vault instances.
