1

Is there a reason to store non-secret key/value configuration in a separate key/value store like consul, rather than storing it together with secrets in a secret k/v store like vault?

One possible reason is that vault may provide extra overhead for accessing non-secret configuration.

Can you think of any other reasons to store or not to store non-secrets and secrets in the same k/v store?

yosefrow
  • 2,128
  • 20
  • 29

1 Answers1

0
  • How you access the KV data is one of the factors. Consul agents are distributed while Vault is centralised. You could simply access consul on http://127.0.0.1:8500.

  • Vault offers 2 KV store types: v1 and v2 (versioned) Consul KV is unversioned.

  • Arrays should be remodeled to fit in one key value object in Vault. Consul KV accepts an array as root object.

  • From a REST perspective there's hardly a difference if you choose a Bearer token header.

bbaassssiiee
  • 6,013
  • 2
  • 42
  • 55