Open rusanki opened 2 days ago
Hi, I can't seem to reproduce this with the information given. TTLs take into account both the mount TTLs and the role TTLs. Did you update both to 72000h? Additionally, if you try to read the credentials, what value do you see for lease_duration?
Describe the bug
We have a database secret with default and max TTL of 72000h but Vault is running revocation statements after 32 days.
To Reproduce
Not able to reproduce this anywhere else. We had default TTL and max TTL kept at the default 768h, but a few months back we updated it to 72000h to avoid expiring leases. Now we have faced this behaviour for the 3rd time. We verified the database user as well, which has an extended expiry of 72000h, but can see that a revocation statement which alters the user property to NOLOGIN ran after a 32-day period.
Expected behavior
We would expect REVOCATION STATEMENTS to have never run because of the extended lease expiry.
Environment:
vault status: 1.12.1
vault version: 1.14.1
Vault server configuration file(s):
Additional context
We will now remove the revocation statement to avoid the recurrence but wanted to highlight the behaviour and a possible bug.
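The reply above says lease TTLs depend on both the mount TTLs and the role TTLs. The following is an added sketch, not code from this thread or from Vault's source, that models that capping in simplified form. It assumes the system-wide default and maximum are the 768h default quoted in the issue and that an untuned mount inherits them; all function names are hypothetical.

```python
# Simplified model (an assumption, not Vault source code) of how a dynamic
# secret's lease TTL is capped by role, mount and system settings.
SYSTEM_DEFAULT_H = 768  # default quoted in the issue; 768h is exactly 32 days
SYSTEM_MAX_H = 768      # assumed equal to the default when never tuned


def hours(value):
    """Parse an hour string such as '72000h'; '' or '0' means 'not set'."""
    value = value.strip().lower()
    if value in ("", "0"):
        return 0
    if not value.endswith("h") or not value[:-1].isdigit():
        raise ValueError(f"expected hours like '768h', got {value!r}")
    return int(value[:-1])


def effective_lease_hours(role_ttl, role_max_ttl, mount_default="", mount_max=""):
    """Return (lease_ttl, max_ttl) in hours after every cap is applied."""
    # An untuned mount falls back to the system-wide values.
    mount_default_h = hours(mount_default) or SYSTEM_DEFAULT_H
    mount_max_h = hours(mount_max) or SYSTEM_MAX_H
    # A role can only tighten the mount maximum, never raise it.
    max_h = mount_max_h
    role_max_h = hours(role_max_ttl)
    if 0 < role_max_h < max_h:
        max_h = role_max_h
    # The requested TTL comes from the role, else from the mount default.
    ttl_h = hours(role_ttl) or mount_default_h
    return min(ttl_h, max_h), max_h


def report(label, *args, **kwargs):
    """Format one scenario the way lease_duration would be compared."""
    ttl_h, max_h = effective_lease_hours(*args, **kwargs)
    return f"{label}: lease_duration={ttl_h}h ({ttl_h / 24:g} days), max={max_h}h"


if __name__ == "__main__":
    # Constructed scenarios: only the role raised, then role and mount raised.
    print(report("role only", "72000h", "72000h"))
    print(report("role + mount", "72000h", "72000h", "72000h", "72000h"))
```

Comparing the modelled value with the `lease_duration` returned when reading credentials shows which layer is still applying the lower cap.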