#vault (2020-06)

vault Discussions related to Hashicorp Vault

2020-06-10

David avatar
David
03:16:19 PM

I’m looking to start using the database secrets engine to create creds for my postgres RDS db.

How does Vault handle queries that are already running with old credentials when the rotation happens?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
09:01:54 PM

Both sets of credentials are valid for an overlapping period of time

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
09:02:10 PM

That way you can gracefully handle rotations

David avatar
David
09:02:26 PM

Excellent. Do you know if that time limit is configurable?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
09:03:00 PM

No… but someone here probably does!

Yonatan Koren avatar
Yonatan Koren
10:38:07 PM

@David you probably figured this out two weeks ago but there is a default TTL and a maximum TTL. If you don’t specify the TTL as a secret consumer you will get the default. If you do specify the TTL, you can do that all the way up to the max TTL.

2020-06-25

    keyboard_arrow_up