Introduction
This document gives recommendations on how to scale Vault Enterprise as a shared service for your organization.
HashiCorp Validated Designs provide prescriptive guidance curated from our experience supporting numerous customer journeys with Vault Enterprise.
Prerequisites
We recommend that you complete the following steps before implementing the guidance in this document:
- Review: Vault Enterprise Operating Guide for Adoption
- Review: Vault Enterprise Operating Guide for Standardization
- Have established the following:
  - Configured desired authentication methods
  - Established a baseline of Vault policies for administration
  - Implemented secrets management with Vault in production
Checklist
After completing the initial adoption and standardization of Vault, you are ready to implement advanced use cases in the scaling phase covered in this document.
While some aspects of the scaling maturity phase are optional and will depend on the integrations your organization requires, we recommend that all customers consider adopting the following core capabilities due to the significant security benefits they provide:
- Automation of the enterprise’s public key infrastructure (PKI) lifecycle management with the PKI secrets engine
- Improved resilience and performance through performance replication
- Centralized key lifecycle management with the Vault Key Management System (KMS) and Key Management Interoperability Protocol (KMIP) secrets engines
- Encryption as a service with the Transit and Transform secrets engines
Use Cases Covered
This document covers the “Scaling” phase of operating Vault on the maturity scale and includes the following:
Use Case | Summary |
---|---|
PKI Lifecycle Management | Adopt a modern PKI strategy with full automation for lifecycle management using the PKI secrets engine. |
Performance Replication | Understand how performance replication is designed to ensure the overall scalability of Vault. |
Key Lifecycle Management | Increase security by adopting centralized control over the organization’s key lifecycle management. |