Dynamic DB Creds and Vault Agent

Hi all,

We’re using Vault with Vault Agent and Auto Auth (through Kubernetes). Our tokens will have a sub-day TTL. We are also hoping to use dynamic secrets for our database creds.

One issue we’re worried about running into, though, is our DB creds getting revoked when the token that created them expires. Because we use a connection pool, it’s difficult to imagine checking the creds or the token every single DB request. Is there a recommended way to use dynamic DB creds with Auto Auth/expiring Vault tokens?