»HCP Vault Multi-Region Support
HCP Vault supports delivering your Vault cluster to multiple regions with just a few steps. Delivering your Vault cluster to multiple regions allows you to support applications that are delivered globally and reduces latency to your secrets.
Note: Clusters are currently limited to be extended to a single additional region.
»What is Performance Replication?
Performance replication allows the Vault functionalities such as identity management, secrets storage, and policy management to scale across the regions. This lets Vault clients read and write secrets from an HCP Vault cluster closest to them.
It operates on a leader/follower model, wherein a leader cluster (known as a primary) is linked to its follower secondary cluster. The primary cluster acts as the system of record and asynchronously replicates most Vault data.
The secondary cluster keeps track of their own tokens and leases but shares the underlying configuration (e.g., auth method configuration), policies, and secrets. If a user action modifies the underlying shared state, the secondary forwards the request to the primary and the changes are transparent to the client.
»Tutorial
See the HCP Vault Performance Replication tutorial for step-by-step instructions.