Handling secret expiry

Hi,

I’m working with Vault within Kubernetes, creating AWS STS credentials but I noticed an issue. Once the max_ttl has been hit the credentials template gets recreated and are completely new - which is fine. I have made a file watcher to handle this.

What I’m wondering if is this is the correct usage of AWS secrets in Vault? And if not what is a better approach?

Thanks.