Skip to main content
In this guide, you’ll learn how to set up Disaster Recovery (DR) replication using HashiCorp Vault’s web interface. While you can configure replication via the CLI or API, the UI offers an intuitive workflow for most users. By the end, you’ll have a primary cluster replicating to a secondary for robust disaster recovery.
  • Vault Enterprise license (1.5+)
  • Admin-level token with replication capabilities
  • Two Vault clusters (primary and secondary) with network connectivity

1. Enable DR Replication on the Primary Cluster

  1. Log in to your primary Vault cluster through the UI.
  2. In the sidebar, click Status, then select Replication.
  3. Click Enable Replication.
  4. From the Type dropdown, choose Disaster Recovery (DR) Replication.
  5. Set Cluster Mode to Primary, then confirm by clicking Enable Replication.
The image is a screenshot of a user interface for configuring replication, specifically selecting Disaster Recovery (DR) replication and setting the cluster mode to primary. It includes instructional text and graphics to guide the user.
Vault will initialize DR replication in seconds and show the status panel, which initially displays No known secondaries.

2. Register a Secondary Cluster

  1. In the Replication panel, click Add a Secondary.
  2. Provide a descriptive Name for your secondary cluster.
  3. (Optional) Adjust the Token TTL to control how long the secondary activation token remains valid.
  4. Click Generate Token and Copy the output.
The image shows a user interface for configuring disaster recovery replication in Vault, with a section to name a secondary ID and generate a token. There's also a badge indicating a Vault Certified Operations Professional.
eyJhbGciOiJFUzUxMlsInR5c6IkpXVCJ9.eyJhY2Nlc3Nlc3NfdHlwZSI6ImFkZGl0aW9uIiwic2Vjb25kYXJ5X3Rva2VuIjoiJodHRwOitYrR1hY2J2stcHJgyMDAiLCJleHBpcmF0aW9uIjoxMjM0NTY3ODkwMH19
Keep the generated token secure. It grants replication activation rights on the secondary cluster.

3. Activate DR Replication on the Secondary Cluster

  1. Log in to your secondary Vault cluster.
  2. Navigate to StatusReplicationEnable Replication.
  3. Select Disaster Recovery (DR) Replication.
  4. Choose Secondary for Cluster Mode.
  5. Paste the token you copied from the primary.
  6. Click Enable Replication to start synchronization.
The image is a guide for configuring replication using a user interface, specifically for setting up a secondary cluster for disaster recovery. It includes instructions to select disaster recovery replication, choose secondary mode, and paste a secondary activation token.
Vault will now synchronize changes from the primary to the secondary, completing your DR setup.

DR vs. Performance Replication

Replication TypeUse CaseData Direction
Disaster Recovery (DR)Failover during outagesPrimary → Secondary
Performance ReplicationRead-scaling and geo-distributionBidirectional

Next Steps & References

Your Vault clusters are now configured for DR replication via the UI. Regularly monitor the Replication status page to ensure health and sync progress.

Watch Video