We are using Percona as a database for a number of front end clients, configuring TDE in Percona and using HashiCorp Vault as the Key Management System. We plan on using Vault Agent and AppRole authentication to repeatedly generate new Vault Tokens for Percona to access HashiCorp Vault as they expire.
What is the best practice/recommended TTL for tokens before they should be renewed, or how do we decide the best TTL for our application?