I am looking to stand up a HA instance of Vault but have a potential requirement to be able to enforce a role based storage strategy.
With secrets based on a role(s) get written to a separate storage backend.
This would allow us to be able further restrict who has access to the devices that the secrets are located on as well as a separation of data between types of secrets.
General secrets role use DeviceA = all administrators have access,
11 Herbs and Spices recipe role use DeviceB = a subset of all administrators will have access.
I am aware that using local storage the data store will be encrypted.