Hello,
We have implemented database dynamic credentials using Spring Cloud Vault bootstrap properties, utilising a VaultLeaseConfig similar to the one here (https://secrets-as-a-service.com/posts/hashicorp-vault/rotate-dynamic-relational-database-connection-in-spring-at-runtime/#:~:text=To%20rotate%20the%20database%20credentials,to%20use%20the%20new%20credentials) for updating the Hikari properties at runtime when the dynamic credentials change.
But we hit a snag every now and then when the session token expires.
So Vault drops all the existing leases, including the database dynamic role lease, when the session token expires, irrespective of the TTL on the dynamic role.
It seems SecretLeaseContainer is not aware of when the session token expires. As a result, the SecretLeaseExpired event is not fired and the application goes into a fail state due to invalid DB credentials, until the SecretLeaseContainer counts down on the TTL and fires the next SecretLeaseExpiredEvent.
Related Issue: https://github.com/spring-cloud/spring-cloud-vault/issues/698