Trying to understand how to revoke a dynamic database role lease created from a sidecar vault-agent on its shutdown. I have added the annotation vault.hashicorp.com/agent-revoke-on-shutdown: 'true'
and I can see the agent shutdown, but it is not revoking the leases it is getting as follows
vault.hashicorp.com/agent-inject-secret-liquibase.properties: 'database/creds/dba'
vault.hashicorp.com/agent-inject-template-liquibase.properties: |
{{- with secret "database/creds/dba" -}}
password: {{ .Data.password }}
username: {{ .Data.username }}
{{- end }}
Reading the docs it says it will revoke only the token used by the agent, is that the correct understanding that I cannot revoke leases on agent shutdown?
Nicholas