I understand how database credential are issued for application but I don’t understand how it is renewed
- Application requests for database credentials to Vault
- Vault create credentials and returns to app
- Application is using credential
- After some time credential is expiring
- Vault revokes the database credential
How app can detect that credential is no more valid and should ask for new credential?
If it will use old credential it will cause errors (eg. JDBC errors)
Second think is that I run my application in many instances. How will Vault know which one credential to revoke for which instance?