HashiCorp Cloud Platform
Enable HCP Vault Dedicated multi-region support with performance replication
HCP Vault Dedicated supports delivering your Vault cluster to multiple regions with just a few steps. Delivering your Vault cluster to multiple regions allows you to support applications that are delivered globally and reduces latency to your secrets.
What is performance replication?
Plus tier feature
Performance replication is available on HCP Vault Dedicated Plus tier clusters.
Performance replication allows the Vault functionalities such as identity management, secrets storage, and policy management to scale across multiple regions. This lets Vault clients read and write secrets from an HCP Vault Dedicated cluster closest to them.
It operates on a leader/follower model, wherein a leader cluster (known as a primary) is linked to its follower secondary cluster. The primary cluster acts as the system of record and asynchronously replicates most Vault data.
A primary cluster can have up to five secondary clusters.
The secondary cluster keeps track of their own tokens and leases but shares the underlying configuration (e.g., auth method configuration), policies, and secrets. If a user action modifies the underlying shared state, the secondary forwards the request to the primary and the changes are transparent to the client.
Note
When you reach the total Vault cluster quota, you will not be able to create additional secondary clusters.
If you need to increase the overall quota, please follow the process to request additional resources.
Enable performance replication
Before you being, ensure you have an HVN created in the region you wish to deploy the performance secondary. The HVN for the secondary cluster must have a unique CIDR block that does not overlap with the CIDR block for the HVN of the primary cluster.
Warning
Both the primary and secondary clusters must be created in the HashiCorp Virtual Networks (HVNs) of the same project and the same cloud provider.
Performance replication will not work across projects or cloud providers.
Log into the HCP Portal.
From the Vault clusters page, click the Vault cluster you want to enable performance replication for.
Click Replication in the left navigation menu.
Click Set up replication.
Enter the name of the secondary cluster in the Cluster ID textbox.
Under HashiCorp Virtual Network, select the desired HVN.
(Optional) Configure the Replication path filters.
By default, all namespaces and mount paths will be replicated.
Click Create cluster.