Vault standalone on-premise server

Hi, we have installed vault on a on-premise server with self-managed setup. In the configuration file storage stanza parameters:

storage "file" {
  path = "/mnt/vault/data"
}

Questions:
_ Integrated storage (raft) backend applies only for a vault cluster architecture? or is it possible to be configured on standalone?
_ Backup and restore vault data procedures for Vault standalone on-premise?

Thank you,

xxxx

raft makes no sense when you run in standalone node, because raft is a consensus protocol , and to do make this you need a minimal of 3 nodes.

here a doc about raft.

About backup process, if you don’t had raft, you can simply make backup of entire data folder. (i’m not tested, but makes sense for me).

1 Like

As Clayton mentioned, raft is generally used for multinode clusters. Using file if you are only running a single server should be sufficent, but I would consider some external storage such as S3. You can see all the supported storage backends at storage - Configuration | Vault | HashiCorp Developer but would also suggest considering a multi-node cluster for HA, or HCP Vault Dedicated or HCP Vault Secrets depending on your use case(s).

For backup procedures, I don’t think copying the data directory on its own will work as the data is encrypted by your seal mechanism. Check out Standard procedures | Vault | HashiCorp Developer

2 Likes

For backup reason, maybe using single instance of consul as backend is a good idea, because consul backup procedure don’t need raft.

So, you standalone instance needs a vault with a single consul standalone as backend.

1 Like