Enhance Daemon Mode to Dynamically Regenerate Secrets After Max TTL Expiry #204
Labels
kind/enhancement
Categorizes issue or PR as related to an improvement.
Comments
4FunAndProfit
added
the
kind/enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight Checklist
Problem Description
Issue Description:
In the current daemon mode implementation for vault-env, dynamic secrets are revoked once their max_ttl expires, which causes the renewal process to stop. This limitation can lead to disruptions in services relying on dynamic secrets, such as database credentials, after the max_ttl has been reached.
(See bank-vaults/bank-vaults#856)
Proposed Solution
Would it be possible to enhance the daemon mode to handle this scenario by dynamically regenerating the secrets (e.g., creating new tokens or rotating credentials) when the max_ttl is reached? Alternatively, is there another solution or workaround that can keep the secrets up to date without manual intervention after the max_ttl expires?
Thank you for your help!
Alternatives Considered
A lot but don’t find a correct solution for now 😭😂
Additional Information
No response
The text was updated successfully, but these errors were encountered: