Vault revoke lease rabbitmq creds, befor ttl expire

paullol · August 2, 2022, 7:59pm

Hi. Please help!
Vault revoke lease rabbitmq creds, befor ttl expire.
Have:
“default_lease_ttl”:31536000,
“max_lease_ttl”:31536000
Revoke after 30 days.

maxb · August 3, 2022, 8:11pm

There are three levels of TTL configuration in Vault:

System-wide, configured in the server configuration file
Mount-level, set via “tune” APIs - /sys/mounts - HTTP API | Vault by HashiCorp
Settings specific to the secrets engine involved - in the case of RabbitMQ, RabbitMQ - Secrets Engines - HTTP API | Vault by HashiCorp

Check all of them.

Mostly the more specific ones override the more general ones.

paullol · August 4, 2022, 8:54am

In system config.hcl only adress/tls
rabbitmq_all/":{ …“config”:
{“default_lease_ttl”:31536000,“force_no_cache”:false,“max_lease_ttl”:31536000},
… }

Screenshot 2022-08-04 at 11-53-15 Vault

andriy.vysotskyy · September 7, 2022, 8:56am

Guys do you resolve this issue
i have the same issues
vault read rabbitmq_all/config/lease
return
max_ttl 8760h
ttl 8760h

curl -k --header “X-Vault-Token:s.LZPr68cs0osiCTxWewu9cG8w” https://127.0.0.1:8200/v1/sys/mounts/rabbitmq_all/tune

return
default_lease_ttl:31536000
max_lease_ttl":31536000

but leases revoke after 32 days