We are using an AWS S3 bucket for Vault back end, and I noticed that there’s a bunch of objects under logical/xxxxxxxxxx/packer/buckets/yyy, where the x’s are a long alphanumeric string and yyy is an integer. Some of these objects are getting rewritten every five minutes. What function is this serving in Vault, and is the data critical to replicate for DR purposes?
This doesn’t seem version specific, but we’re running Vault 1.4.3 with Consul 1.8.0 if that helps.
Most likely this is for the “identity” backend. Both identity entities and identity groups are stored in storagepacker, which shards the collection of objects across 256 different buckets. If this information is lost, then any policies or metadata you have attached to entities, or any groups you have created, would be gone. The identity store is also important for auditing, as the entity id is a way to track a user or app across multiple logins.
You can verify which backend is using a storage path by matching the logical/ path with the UUID listed in sys/mounts.
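The matching step described in the answer above, as an added example that is not part of the original posts: it maps each logical/<uuid>/ storage key to the mount that owns it and keeps unmatched UUIDs visible. The trimmed sys/mounts JSON shape, the UUIDs, the object keys and the function names are all constructed or hypothetical.

```python
import json
import re
from collections import Counter

# Constructed sample: trimmed shape of a sys/mounts response (UUIDs are made up).
SYS_MOUNTS_JSON = """
{"data": {
  "identity/": {"type": "identity", "uuid": "11111111-2222-3333-4444-555555555555"},
  "secret/":   {"type": "kv",       "uuid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}
}}
"""

# Constructed sample: object keys as they would be listed from the storage bucket.
STORAGE_KEYS = [
    "logical/11111111-2222-3333-4444-555555555555/packer/buckets/7",
    "logical/11111111-2222-3333-4444-555555555555/packer/buckets/42",
    "logical/11111111-2222-3333-4444-555555555555/packer/buckets/255",
    "logical/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/app/config",
    "logical/99999999-0000-0000-0000-000000000000/leftover",
    "core/mounts",  # not under logical/, so it is skipped
]

KEY_RE = re.compile(r"^logical/([^/]+)/")

def uuid_to_mount(sys_mounts):
    """Build {uuid: (mount_path, mount_type)} from a parsed sys/mounts response."""
    mounts = sys_mounts.get("data", sys_mounts)  # assumption: mounts sit under "data" or at top level
    return {m["uuid"]: (path, m.get("type", "unknown"))
            for path, m in mounts.items()
            if isinstance(m, dict) and "uuid" in m}

def attribute_keys(sys_mounts, keys):
    """Count storage objects per owning mount; UUIDs with no mount stay in the result."""
    table = uuid_to_mount(sys_mounts)
    counts = Counter()
    for key in keys:
        match = KEY_RE.match(key)
        if not match:
            continue
        uuid = match.group(1)
        path, mount_type = table.get(uuid, ("<no matching mount>", "unknown"))
        counts[(uuid, path, mount_type)] += 1
    return counts

if __name__ == "__main__":
    result = attribute_keys(json.loads(SYS_MOUNTS_JSON), STORAGE_KEYS)
    for (uuid, path, mount_type), n in sorted(result.items()):
        print(f"{n:4d} objects  logical/{uuid}/  ->  {path} ({mount_type})")
```

For a DR review, a UUID that resolves to no mount is worth investigating before deciding what to replicate.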
Thanks, that’s helpful.