If we are using kv as our secrets engine, does vault have a capability to expire the secrets stored or would this require some custom KV development ? Any thoughts / ideas?
KV secrets do not have a TTL.
It’d be custom API/integration work… You could add a field or metadata somehow then build a process to remove/invalidate the secret.