by wst_
3283 days ago
> For a vault cluster to boot up, the vault must be unsealed which complicates its high availability story

It doesn't complicate anything. It just makes it secure.

> If the root key were to be lost or compromised, then all of the secrets would be as well.

In Vault, you do not have just a root key. You have it divided, initially in 5 parts, 3 of which are needed for unsealing. You can change the numbers. It is unlikely that all of them go AWOL. Plus, Vault is trivial to set up for a small team. No bigger effort is needed to set up a cluster.

I can understand that Torus is your tool of choice, but please do not spread FUD about Vault at the same time. I have no experience with Torus, yet, but Vault is a solid piece.