Example secrets plugin and TTLs

Hi!

I was wondering if there’s an example secrets plugin that I could reference that interacts with a remote system for token creation and interacts with TTLs in “the best” way?

It’s unclear to me what my responsibilities as a plugin writer are vs what Vault manages for me. As a couple of many example questions: if I’m renewing a lease, whose responsibility is it ot ensure the renewal doesn’t exceed the system max ttl / backend max ttl / role ttl / etc /etc ? Does the backend default/max ttl take priority over the system default/max ttl?

Thanks!

JAmes