[atonse]

I kid you not, the main reason we haven't implemented vault yet, is not because we're worried about security. It's because we're deathly afraid of locking ourselves out by making a mistake, taking the whole system down.

Meaning, this makes Vault more of a "let's really dedicate time to think of every possible scenario" type implementation rather than "let's just keep adding a couple of secrets a week".

What has other people's experiences been?

[jen20]

It is possible to control both the number of key shares and the threshold required to unseal Vault (and now to do automatic unseal too), so I’m not certain this particular condition should be too much of a concern anymore. That said, considering as many scenarios as possible is definitely sensible!

[viralpoetry]

I really do not understand your frustration. We are running 5 node cluster in production with the keepalived and nobody needs to wake up unsealing if one, or two instances fail. Perfectly good to do it in the morning by copy pasting curl oneliner from the keepass.