Vault Core relies on surrounding infrastructure including Kubernetes, Postgres, Istio, Kafka and a secrets manager: HashiCorp Vault, or (on AWS) AWS Secrets Manager.

The Vault Cloud Infrastructure guide describes this in more detail, including the choices clients can make about where these components are run.

Some of the components supplied in the release are intended only for non-production environments. Infrastructure components shipped with Vault and their deployment guidance are:

TM Distributed Component Development Production

Observability Recommended Required

Istio Recommended Recommended*

Kafka Available Not supported**

Dummy SAML IdP Available Not supported***

*A deployment of either TM or client Istio is strictly required in production, and TM supports the version of Istio distributed with Vault. Clients may choose to install a supported version of Istio separately, for example, if they already use Istio for their own services.

**Clients must maintain their own Kafka brokers in production. Thought Machine includes Kafka as part of the Vault distribution for development purposes only. Kafka will no longer be distributed with Vault from Vault version 5.0.

***Clients must supply their own IdP for production; the dummy SAML IdP is for development and testing purposes only.