Hi, I’m working on creating kv-v2 mounts for various teams and trying to understand how the default_lease_ttl
and max_lease_ttl
effect secrets.
I understand how ttl and max ttl works for a token, but unsure what it means for a secret mount.
I’m working with this API endpoint https://www.vaultproject.io/api-docs/system/mounts/#enable-secrets-engine
Here is an example payload,
{
type: 'kv',
description: `Key/Value secret engine mount for the ${team} team`,
config: {
default_lease_ttl: '1h',
max_lease_ttl: '24h'
},
options: {
version: 2
}
};
And an example using the API,
curl -XPOST -H 'X-Vault-Token: secret' \
http://localhost:8200/v1/sys/mounts/team-one \
-d '{ payload mentioned above }'
In the example payload, the default_lease_ttl is 1 hour. Can someone explain what that means for a kv mount? Do secrets expire?
Thanks