Skip to main content

Cloud deployment

You deploy Vault on a cloud platform such as AWS, Google Cloud Platform, or Azure, or use the Piiano managed SaaS option which is hosted on AWS. On these platforms, Vault can be deployed as a server or serverless. For example, on Google Cloud Platform Vault can be deployed as a serverless service using Cloud Run.

Vault is implemented using two services: a Control service for making control changes such as IAM configuration and schema changes, and a Data service for CRUD operations on data.

The main elements in a Vault deployment are:

  • The Vault server. There can be one server running both services, or the services may be deployed separately.
  • The backend database. For example, Postgres RDS.
  • A Key Management Service (KMS).
  • A load balancer or API gateway to manage access to the Vault services.

This diagram shows an example of the high-level architecture in an AWS deployment.

Architecture of an AWS deployment of Vault.Architecture of an AWS deployment of Vault.

An Amazon Elastic Container Service (Amazon ECS) based deployment:

Architecture of an AWS ECS deployment of Vault.Architecture of an AWS ECS deployment of Vault.

A Google Cloud Platform Cloud Run based deployment:

Architecture of a Google Cloud Platform Cloud Run deployment of Vault.Architecture of a Google Cloud Platform Cloud Run deployment of Vault.

An Azure Cloud Platform based deployment:

Architecture of an Azure Cloud Platform deployment of Vault.Architecture of an Azure Cloud Platform deployment of Vault.