Vault Synchronizer with HA Topology


We are just looking for an HA deployment for the Vault Synchronizer because of its important role. Is there a way to deploy more than one Vault Synchronizer in active/active or active/passive?

Official architecture recommendation or any workaround will be appreciated.



Hi @emre.yardimci ,

The synchronizer does not currently support an active/active model. We can deploy a “cold” synchronizer though, similar to how we’d do the same for the CPM. This would typically be installed in your DR data center, with the services stopped and a cred file pre-staged to limit the steps necessary to bring it online. Your DR run book would then document updating the app-prv user that the synchronizer service itself uses to the password stored in the staged cred file and starting the services to bring the synchronizer online.



Hi @nathan.whipple ,

Thanks for your update, but when we tried to install the DR synchronizer, it forces us to create a new LOB user. We should use the same LOB user for the secret paths.
On the other hand, when we replace the cred files on the DR deployment, the service start gets a .NET error.
Is there any documentation for this purpose?


Ah, you’re right. I’d overlooked the changes to the latest synchronizer installer and forgot to mention that. That said, you can just let it create the additional LOB user and then delete it after the work is done. As for the .NET error after replacing the cred file, can you share the error message and how you replaced/recreated the cred file please?