I had a question about the Vault transit secret engine and scaling a Vault cluster’s ability to service encrypt/decrypt requests. Reading some HA docs (High Availability | Vault by HashiCorp) it mentions that standby nodes just forward requests to the active node (or redirect requests). Is this every request? E.g. for encrypting/decrypting via the transit engine, do all requests go through the active node?
Is there a way to scale out the transit secret engine request handling such that multiple nodes handle the workload? I’m not able to find any documentation pertaining to this question. I read about performance standby vault nodes that can service reads, but the transit secret encrypt/decrypt functions are write request, leading me to think that the active node still deals with these requests.
Any guidance would be very much appreciated!