I’m having some trouble backing up my intuitive understanding of “lease hierarchy” with an explicit* explanation in the HashiCorp Approved docs, here:
The only explicit references to “lease hierarchy” seem to be here:
If the Vault Token I got using OIDC has a TTL of 10 minutes, and I use that token to generate a Dynamic Credential from database/creds/mssql-read-only with a TTL of 2 hours, I can assume that DB credential is going to die along with my token, in 10 minutes only. But anybody got any opinions on the best docs to give customers for that?
I think it’s this: https://learn.hashicorp.com/tutorials/vault/tokens#service-token-lifecycle
*And as much as imprecations come to mind when my creds expire before I expect, I do not mean “explicit” in the sense used by the ESRB.
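The scenario in the post, as an added illustration (not part of the original post and not Vault's own code): a simplified Python model in which a lease is tied to the token that created it, so the credential ends at its own TTL or when that token expires, whichever comes first. It goes one step beyond the post by adding a child token, which is revoked with its parent. The class and method names are hypothetical, and the model assumes nothing is renewed.

```python
# Simplified model of Vault's lease hierarchy; not Vault code. Assumes no renewals.
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass(eq=False)
class Token:
    name: str
    ttl: int                             # seconds
    issued_at: int = 0
    parent: Optional["Token"] = None     # a child token is revoked with its parent
    leases: List["Lease"] = field(default_factory=list)
    children: List["Token"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def expires_at(self) -> int:
        own = self.issued_at + self.ttl
        return own if self.parent is None else min(own, self.parent.expires_at())

    def read_creds(self, path: str, ttl: int, now: int) -> "Lease":
        if now >= self.expires_at():
            raise PermissionError(f"token {self.name} has expired")
        lease = Lease(path, ttl, now, self)
        self.leases.append(lease)
        return lease

    def revoked_with(self) -> List["Lease"]:
        found = list(self.leases)        # leases this token created directly
        for child in self.children:      # plus everything under its child tokens
            found.extend(child.revoked_with())
        return found

@dataclass(eq=False)
class Lease:
    path: str
    ttl: int
    issued_at: int
    token: Token

    def effective_expiry(self) -> int:
        # The credential dies at its own TTL or with its token, whichever is first.
        return min(self.issued_at + self.ttl, self.token.expires_at())

# Constructed scenario from the post: 10-minute OIDC token, 2-hour DB credential.
oidc = Token("oidc-login", ttl=600)
db = oidc.read_creds("database/creds/mssql-read-only", ttl=7200, now=60)
job = Token("child-token", ttl=3600, issued_at=120, parent=oidc)
db2 = job.read_creds("database/creds/mssql-read-only", ttl=7200, now=180)
print(db.effective_expiry(), db2.effective_expiry(), len(oidc.revoked_with()))
```

All times are seconds from the moment the OIDC token was issued; both credentials end at 600 even though each was requested with a 2-hour TTL.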