HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Disaster recovery and high availability

HCP Vault Radar follows the common shared responsibility model for disaster recovery and high availability.

IBM is responsible for ensuring that the Vault Radar service is available and resilient to failures. The Vault Radar platform implements various measures to ensure high availability, such as redundant infrastructure, failover mechanisms, and regular backups.

As a Vault Radar user, you are responsible for ensuring that any self-hosted Vault Radar services such as the Vault Radar agent, MCP server, and CLI you deploy are configured to meet your availability requirements. This includes implementing backup and recovery procedures, monitoring the health of your services, and ensuring that your services are resilient to failures.

If you are new to HCP Vault Radar, checkout the HCP Vault Radar quickstart tutorial series.

Multi-region disaster recovery

Multi-region disaster recovery (DR) for the Vault Radar service provides high availability and resilience for secrets detection and remediation workflows.

The Vault Radar platform automatically replicates data and persisted processing state across regions in near real-time to ensure the service remains available in the event of a regional outage.

This includes:

  • Scan results
  • Findings and alerts
  • Remediation context
  • Persisted workflow state

The primary region serves as the system of record, while the secondary region maintains an up-to-date replica of both data and system state.

This ensures that detection coverage, findings, and remediation workflows remain available even during regional outages.

How multi-region disaster recovery works

Vault Radar maintains a pre-provisioned secondary regional deployment in a standby state and manages replication and fails over automatically as part of the service.

Core mechanisms

  • Continuous cross-region replication: Data is continuously replicated from the primary region to the secondary region to ensure durability and availability.

  • Persisted state replication: Vault Radar replicates system processing state so workflows can resume after the failover.

  • Primary–secondary architecture: The primary region handles active operations, while the secondary region remains synchronized and ready for promotion.

  • Operational management: IBM manages key operational aspects, including:

    • Health monitoring: IBM monitors regional and infrastructure health across underlying cloud providers.

    • Disaster detection: IBM evaluates incidents in collaboration with cloud providers to determine whether they are transient or represent a regional failure.

    • Failover orchestration: IBM promotes the secondary region to active when a disaster is declared.

Failover behavior

During a regional disruption, Vault Radar promotes the secondary region using the most recently replicated data and persisted state. When the failover occurs, Vault Radar exhibits the following behaviors:

  • Data durability: Replicated data, including scan results and findings, remains available after the failover.

  • Workflow continuity: Detection and remediation workflows continue with minimal disruption.

  • Resumption from persisted state: Workloads resume from the replicated system state.

  • In-flight processing: Work in progress may not be fully preserved. Scheduled reconciliation processes identify and reprocess missed or incomplete work.

  • No user action required: The failover process is fully managed by Vault Radar. Your self-hosted services, such as the Vault Radar agent, MCP server, and CLI, continue to operate without requiring any intervention.

Summary

Multi-region disaster recovery enables resilient operation of HCP Vault Radar by continuously replicating both data and processing state across regions.

This ensures that critical data and workflows remain available and can quickly recover during regional failures, without requiring your intervention.

Tutorials

Learn how to evaluate and implement HCP Vault Radar in your environment with our tutorials.

  • HCP Vault Radar quickstart - Follow HashiCups, a fictitious coffee company, as they onboard HCP Vault Radar and scan their data sources for secrets.
  • HCP Vault Radar operations - Learn how HashiCups operations team uses HCP Vault Radar advanced features to scan data sources with the Vault Radar agent, and correlates findings with HCP Vault to manage secrets.
  • HCP Vault Radar developer - Learn how HashiCups developers use HCP Vault Radar advanced features to understand secret exposure, identify potential risks, and prevent leaked secrets during the software development lifecycle.
Edit this page on GitHub