From c48b322fce4588edc8129f55f9196fc33f72a609 Mon Sep 17 00:00:00 2001
From: Scott Miller <smiller@hashicorp.com>
Date: Wed, 4 Aug 2021 10:42:30 -0500
Subject: [PATCH] Forward cert signing requests to the primary on perf
 secondaries as well as perf standbys (#12180) (#12248)

---
 builtin/logical/pki/path_issue_sign.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go
index 95b7a6805070a..28d3c54b39420 100644
--- a/builtin/logical/pki/path_issue_sign.go
+++ b/builtin/logical/pki/path_issue_sign.go
@@ -188,7 +188,7 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
 
 func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
 	// If storing the certificate and on a performance standby, forward this request on to the primary
-	if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
+	if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby|consts.ReplicationPerformanceSecondary) {
 		return nil, logical.ErrReadOnly
 	}