A DevOps team uses Vault to store database credentials via the database secrets engine. They notice that after the default lease duration, applications receive errors when trying to connect. The team wants to ensure that applications automatically renew leases before expiration. What should they do?
Trap 1: Schedule a cron job to periodically read new credentials.
A cron job is a manual workaround, not automated renewal.
Trap 2: Set a longer default TTL on the role.
Increasing the TTL only prolongs the lease; it does not automate renewal.
Trap 3: Set a longer max TTL on the mount.
The max TTL limits the maximum lease duration, not renewal behavior.
- A
Schedule a cron job to periodically read new credentials.
Why wrong: A cron job is a manual workaround, not automated renewal.
- B
Set a longer default TTL on the role.
Why wrong: Increasing the TTL only prolongs the lease; it does not automate renewal.
- C
Use Vault Agent to renew the secret.
Vault Agent can automatically renew leases and manage the secret lifecycle.
- D
Set a longer max TTL on the mount.
Why wrong: The max TTL limits the maximum lease duration, not renewal behavior.