Cloud deployment

You can deploy Vault on a cloud platform such as AWS, Google Cloud Platform, or Azure, or use the Piiano managed SaaS option, which is hosted on AWS. On these platforms, Vault can be deployed as a server or serverless. For example, on Google Cloud Platform, Vault can be deployed as a serverless service using Cloud Run.

Vault is implemented using two services: a Control service for making control changes such as IAM configuration and schema changes, and a Data service for CRUD operations on data.

The main elements in a Vault deployment are:

  • The Vault server. There can be one server running both services, or the services may be deployed separately.
  • The backend database. For example, Postgres RDS.
  • A Key Management Service (KMS).
  • A load balancer or API gateway to manage access to the Vault services.

This diagram shows an example of the high-level architecture in an AWS deployment.

[Figure: The Vault hierarchy]

An Amazon Elastic Container Service (Amazon ECS) based deployment:

[Figure: AWS ECS deployment]

A Google Cloud Platform Cloud Run based deployment:

[Figure: GCP cloudrun deployed]

An Azure Cloud Platform based deployment:

[Figure: GCP cloudrun deployed]