2020-06-25 2020-06-10 David 03:16:19 PM I’m looking to start using the database secrets engine to create creds for my postgres RDS db. How does Vault handle queries that are already running with old credentials when the rotation happens? Erik Osterman (Cloud Posse) 09:01:54 PM Both sets of credentials are valid for an overlapping period of time Erik Osterman (Cloud Posse) 09:02:10 PM That way you can gracefully handle rotations David 09:02:26 PM Excellent. Do you know if that time limit is configurable? Erik Osterman (Cloud Posse) 09:03:00 PM No… but someone here probably does! Yonatan Koren 10:38:07 PM @David you probably figured this out two weeks ago but there is a default TTL and a maximum TTL. If you don’t specify the TTL as a secret consumer you will get the default. If you do specify the TTL, you can do that all the way up to the max TTL.