Hi. Please help!
Vault revoke lease rabbitmq creds, befor ttl expire.
Have:
“default_lease_ttl”:31536000,
“max_lease_ttl”:31536000
Revoke after 30 days.
There are three levels of TTL configuration in Vault:
- System-wide, configured in the server configuration file
- Mount-level, set via “tune” APIs - /sys/mounts - HTTP API | Vault by HashiCorp
- Settings specific to the secrets engine involved - in the case of RabbitMQ, RabbitMQ - Secrets Engines - HTTP API | Vault by HashiCorp
Check all of them.
Mostly the more specific ones override the more general ones.
- In system config.hcl only adress/tls
- rabbitmq_all/":{ …“config”:
{“default_lease_ttl”:31536000,“force_no_cache”:false,“max_lease_ttl”:31536000},
… }
Guys do you resolve this issue
i have the same issues
vault read rabbitmq_all/config/lease
return
max_ttl 8760h
ttl 8760h
curl -k --header “X-Vault-Token:s.LZPr68cs0osiCTxWewu9cG8w” https://127.0.0.1:8200/v1/sys/mounts/rabbitmq_all/tune
return
default_lease_ttl:31536000
max_lease_ttl":31536000
but leases revoke after 32 days