HCP Vault multi-region support
HCP Vault supports delivering your Vault cluster to multiple regions with just a few steps. Delivering your Vault cluster to multiple regions allows you to support applications that are delivered globally and reduces latency to your secrets.
Note
Clusters can have up to five performance replication secondary clusters. If you have already reached your overall Vault cluster quota, you will not be able to create additional secondary clusters. If you need to increase the overall quota, please follow the process to request additional resources.
What is performance replication?
Performance replication allows Vault functionality such as identity management, secrets storage, and policy management to scale across regions. This lets Vault clients read and write secrets from the HCP Vault cluster closest to them.
It operates on a leader/follower model, in which a leader cluster (known as a primary) is linked to its follower cluster (known as a secondary). The primary cluster acts as the system of record and asynchronously replicates most Vault data.
Each secondary cluster keeps track of its own tokens and leases but shares the underlying configuration (e.g., auth method configuration), policies, and secrets with the primary. If a user action modifies the underlying shared state, the secondary forwards the request to the primary, and the changes are transparent to the client.
Warning
Both the primary and secondary clusters must be created in the HashiCorp Virtual Networks (HVNs) of the same project. Performance replication will not work across projects.
Tutorial
See the HCP Vault Performance Replication tutorial for step-by-step instructions.