My Vault setup had an auth method approle which did not have ttls configured. They were set to the default which was 0. After 400K leases, the host of 4G RAM ran out of memory.
I then set the ttl on the approle auth to 1h and revoked all of the existing leases to get the functionality back to normal.
Is there a way to correlate leases with approles? I did a “vault kv put sys/leases/lookup lease_id=auth/approle/login/hff9…” but that does not list which approle does it belong to.