Allow configuration of lease_renewal_threshold via vault agent sidecar annotations #706
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently for non-renewable leased secrets the secret is refreshed at the 90% mark based on the doc. We would like to be able to configure this via side car annotations since our application requirement for high availability is to be able to refresh the creds at the 50% mark so we have a good buffer between the old and new cred being valid in case there is a vault outage in our org.
lease_renewal_threshold
Describe the solution you'd like
Would like to be able to set this via vault agent side car annotations similar to what can be set currently for this parameter in the template_config
https://developer.hashicorp.com/vault/docs/platform/k8s/injector/annotations#vault-hashicorp-com-template-config-exit-on-retry-failure
Describe alternatives you've considered
Not sure if there are any other alternatives.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: