BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/

Transparent failover #196

Open razvanbalan opened 4 years ago

razvanbalan commented 4 years ago

The context: I have a setup composed of a Vault cluster in a data center (Vault1) and two performance replicas (Vault2, Vault3) spread across other locations. In total there are 3 clusters (one master cluster and two performance replicas). Each cluster provides an endpoint to connect to for retrieving secrets. Retrieving a secret from a server is a two-step activity: 1. get a token (with a specific TTL) that is valid for that specific cluster; 2. get the secret using the token from the same cluster. If network partitioning happens and I cannot access the Vault1 cluster, ideally I should be redirected by a specific component to a healthy cluster (Vault 1 or Vault 2). There are a few options here:

  1. Implement failover inside the vault java driver - configure a list of endpoints and reach out to these endpoints based on different priorities.
  2. Implement a software load balancer that can keep track of tokens, identities, TTLs and the Vault clusters that are used - this has some security constraints and costs associated with it.
  3. Dynamic discovery of healthy Vault services - also is something on the client side that needs to be implemented.

Opening this issue, I would like to start a conversation about achieving better availability for such a critical service.

I would like to contribute back to upstream with the first item if you cannot see other viable options.
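The following is an added example, not code from vault-java-driver or from the issue author, sketching what option 1 (a priority-ordered endpoint list with failover inside the client) could look like as a wrapper around the driver's public API. It keeps the two-step flow from the issue intact: each cluster gets its own token, and a token obtained from one cluster is never sent to another, because tokens are not shared between a primary and its performance replicas. The class name `FailoverVaultClient`, the `vault1/2/3.example` hostnames and the `VAULT_ROLE_ID` / `VAULT_SECRET_ID` environment variables are hypothetical, and the example assumes the same AppRole credentials are accepted by every cluster.

```java
// Added example: a hypothetical failover wrapper around vault-java-driver.
// Not part of the driver. Assumes one AppRole (role_id/secret_id) that every
// cluster in the list accepts; hostnames and env var names are placeholders.
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.AuthResponse;
import com.bettercloud.vault.response.LogicalResponse;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

public final class FailoverVaultClient {

    /** One cluster endpoint plus the client holding the token we last got from it.
     *  Tokens are cluster-local: a token minted by Vault1 is not valid on Vault2. */
    private static final class Endpoint {
        final String address;
        Vault authenticated;        // client configured with this cluster's token, or null
        long tokenExpiresAtMillis;  // wall-clock time after which we re-authenticate

        Endpoint(String address) { this.address = address; }
    }

    private final List<Endpoint> endpoints = new ArrayList<>(); // highest priority first
    private final String roleId;
    private final String secretId;

    public FailoverVaultClient(List<String> addressesInPriorityOrder, String roleId, String secretId) {
        for (String address : addressesInPriorityOrder) {
            endpoints.add(new Endpoint(address));
        }
        this.roleId = roleId;
        this.secretId = secretId;
    }

    /** Step 1: obtain (or reuse) a token that is valid for exactly this cluster. */
    private Vault clientFor(Endpoint ep) throws VaultException {
        long now = System.currentTimeMillis();
        if (ep.authenticated != null && now < ep.tokenExpiresAtMillis) {
            return ep.authenticated;
        }
        VaultConfig unauthenticated = new VaultConfig().address(ep.address).engineVersion(2).build();
        AuthResponse auth = new Vault(unauthenticated).auth().loginByAppRole(roleId, secretId);
        VaultConfig withToken = new VaultConfig()
                .address(ep.address)
                .token(auth.getAuthClientToken())
                .engineVersion(2)
                .build();
        ep.authenticated = new Vault(withToken);
        // Re-authenticate 30 s before the TTL ends so a token does not expire mid-request.
        long ttlMillis = auth.getAuthLeaseDuration() * 1000L;
        ep.tokenExpiresAtMillis = now + Math.max(0L, ttlMillis - 30_000L);
        return ep.authenticated;
    }

    /** Step 2: read a secret, trying clusters in priority order and moving on when one fails. */
    public Map<String, String> read(String path) throws VaultException {
        VaultException last = null;
        for (Endpoint ep : endpoints) {
            try {
                LogicalResponse response = clientFor(ep).logical().read(path);
                return response.getData();
            } catch (VaultException e) {
                // Drop the cached token for this cluster; it may have been revoked or the
                // cluster may have been re-sealed, and the next attempt will log in again.
                ep.authenticated = null;
                // A 404 means the secret is absent, and the replicas hold the same data,
                // so trying another cluster would only hide the real error.
                if (e.getHttpStatusCode() == 404) {
                    throw e;
                }
                last = e;
            }
        }
        throw last != null ? last : new VaultException("no Vault endpoints configured");
    }

    public static void main(String[] args) throws VaultException {
        FailoverVaultClient client = new FailoverVaultClient(
                Arrays.asList("https://vault1.example:8200",
                              "https://vault2.example:8200",
                              "https://vault3.example:8200"),
                System.getenv("VAULT_ROLE_ID"),
                System.getenv("VAULT_SECRET_ID"));
        System.out.println(client.read("secret/myapp/config").keySet());
    }
}
```

Two caveats a practitioner would want before shipping this: failover only helps if the secret engine and the auth method are replicated to Vault2 and Vault3 (performance replication does not replicate tokens or leases, which is why each endpoint carries its own token), and an application that has been silently redirected to a lower-priority cluster should log that fact, otherwise a partition of the primary goes unnoticed until the replica fails too.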