Storage
Summary: OpenBao persists encrypted state to an external storage backend. Storage is treated as untrusted — only OpenBao’s barrier can decrypt what it holds.
Sources: raw/docs/concepts/storage.md, raw/docs/configuration/storage/*.md, raw/docs/internals/architecture.md.
Last updated: 2026-05-19
Role
The storage backend sits outside the barrier and stores opaque encrypted blobs. Choosing it shapes durability, HA semantics, and operational complexity (source: raw/docs/concepts/storage.md).
Supported backends
Per raw/docs/configuration/storage/:
- raft — integrated storage. The recommended default. HA-capable, no external dependency. Concepts in integrated-storage.
- postgresql — external Postgres. Useful when an existing DBA team wants to own the storage tier.
- filesystem — single-node local disk. No HA. Dev/small-scale only.
- in-memory — ephemeral, lost on restart. Test only.
OpenBao’s docs explicitly call out the “integrated Storage (Raft) vs PostgreSQL” decision as the main fork in the road (source: raw/docs/configuration/storage/index.md).
HA storage
Some deployments split data storage from HA lock storage — storage for blobs, ha_storage for the leader-election lock. The HA lock backend must support locking; data backend need not (source: raw/docs/concepts/ha.md, raw/docs/configuration/index.md).
Backups
Two things to back up: encrypted storage contents, and the OpenBao configuration. Restoring data alone without the seal config / KMS access is useless — you can’t unseal it (source: raw/docs/concepts/storage.md). Full strategy, snapshot mechanics, and automation in backups.
Related pages
- seal-unseal — what makes storage contents readable
- high-availability — storage backends that support an HA lock
- internals — Raft details, autopilot
- configuration —
storage { ... }andha_storage { ... }stanzas