In which time window vault updates the secret?


we’re running a vault database engine (MySQL) in Kubernetes which keeps our database credentials up to date in our NodeJS App.

So the vault agent sidecar must update the credentials before the MAX TTL ends.
But is it totally random when the agent asks for new credentials or is it in a special time window (e.g. 50% to 70% of the MAX TTL)?

Hope someone can help…

Hi. It will renew when 2/3 of the lease has elapsed: Vault Agent Template | Vault by HashiCorp


1 Like