Vault AD engine Question

Disclosure: I’m very new to the AD Engine in Vault.
Just a quick question.
When configuring the AD Engine, we give a user/pass that has the ability to change passwords in the OUs given. Does Vault automatically change the password for the user/pass given at configuration? Or does this stay the same throughout the configuration of the engine?

It will keep the same password by default.
You can rotate the password after initial config by calling the ad/rotate-root endpoint.

vault write -f ad/rotate-root

More info here: Active Directory - Secrets Engines - HTTP API | Vault by HashiCorp
