// , Anyone had luck with consul-replicate for "home-grown" Performance Replication?

[Nathan Basanese]

  // , Has anyone used consul-replicate for Performance Replication or Disaster Recovery? 

It looks like it's _possible_ to use, although it requires extra rigor when upgrading Vault: 

https://github.com/hashicorp/vault/issues/674#issuecomment-153100670

 

With some regular testing with each new Vault version to update the parts of the Consul backend that are and are _not_ replicated, this may be worth trying. 

Did it work well for you? 

Did it turn into a "penny-wise, pound foolish" situation? 

Something in between?

Inquiring minds want to know.

[Nathan Basanese]

  // , Well, I'm going to assume that's a "No".

I'll add the results from my forum search that lead to this.

There are a few results on consul-replicate from 2016, and the following are negative, but only apply to some points: 

https://groups.google.com/forum/#!searchin/vault-tool/consul-replicate|sort:date/vault-tool/3Ti37k1G4V4/sebvuDiLCQAJ (Multi-master replication with consul-replicate would create conflicts, but doesn't indicate that Secondaries would fail)

https://groups.google.com/forum/#!searchin/vault-tool/consul-replicate|sort:date/vault-tool/fji21P13SsU/72ex89X2AAAJ (Replication would require replicating the encryption keys)

And here's a post that indicates that consul-replicate as a means of Vault performance replication (e.g. replication of data across multiple datacenters for more local availability) is unsafe "in nearly all circumstances": 

https://groups.google.com/forum/#!searchin/vault-tool/consul-replicate|sort:date/vault-tool/RMpbRGSq2A8/zRZP_xFfAwAJ (consul-replicate for Vault replication as a way to do multi-DC availability is unsafe in general)

Anyway, I did a bit more of my own research and testing. Doesn't seem like it's a popular solution due to potential data risks / scaling issues