diff --git a/changelog/15879.txt b/changelog/15879.txt new file mode 100644 index 000000000000..0d435b025651 --- /dev/null +++ b/changelog/15879.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: Limit SSCT WAL checks on perf standbys to raft backends only +``` diff --git a/vault/request_handling.go b/vault/request_handling.go index 7494403ed566..dbbe5b21cf8a 100644 --- a/vault/request_handling.go +++ b/vault/request_handling.go @@ -1945,6 +1945,12 @@ func (c *Core) checkSSCTokenInternal(ctx context.Context, token string, isPerfSt if err != nil { return "", err } + + // Disregard SSCT on perf-standbys for non-raft storage + if c.perfStandby && c.getRaftBackend() == nil { + return plainToken.Random, nil + } + ep := int(plainToken.IndexEpoch) if ep < c.tokenStore.GetSSCTokensGenerationCounter() { return plainToken.Random, nil