> For a vault cluster to boot up, the vault must be unsealed, which complicates its high availability story

It doesn't complicate anything. It just makes it secure.

> If the root key were to be lost or compromised, then all of the secrets would be as well.

In Vault, you do not have just a root key. You have it divided, initially in 5 parts, 3 of which are needed for unsealing. You can change the numbers. It is unlikely that all of them go AWOL.

Plus, Vault is trivial to set up for a small team. No bigger effort is needed to set up a cluster.

I can understand that Torus is your tool of choice, but please do not spread FUD about Vault at the same time. I have no experience with Torus, yet, but Vault is a solid piece.