From a341ddfe215a2844116b3ed47bc6fd88da203540 Mon Sep 17 00:00:00 2001
From: Etienne Bruines
Date: Mon, 24 Mar 2025 12:39:11 +0100
Subject: [PATCH] change: use vault ttl for all non-lease secrets

Not all Vault secrets report back a `rotation_period`, but as long as they do not have a lease (for renewal) and report a `ttl`, we should be able to use the `ttl` value to determine the sleep duration.
Fixes #1970
---
 dependency/vault_common.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dependency/vault_common.go b/dependency/vault_common.go
index b28a98214..c064cbe72 100644
--- a/dependency/vault_common.go
+++ b/dependency/vault_common.go
@@ -138,13 +138,13 @@ func leaseCheckWait(s *Secret) time.Duration {
 }
 }
- // Handle if this is a secret with a rotation period. If this is a rotating secret,
+ // Handle if this is a secret with a ttl but without a lease. If this is a secret with a ttl,
 // the rotating secret's TTL will be the duration to sleep before rendering the new secret.
 var rotatingSecret bool
- if _, ok := s.Data["rotation_period"]; ok && s.LeaseID == "" {
+ if s.LeaseID == "" {
 if ttlInterface, ok := s.Data["ttl"]; ok {
 if ttlData, err := ttlInterface.(json.Number).Int64(); err == nil {
- log.Printf("[DEBUG] Found rotation_period and set lease duration to %d seconds", ttlData)
+ log.Printf("[DEBUG] Found ttl and set lease duration to %d seconds", ttlData)
 // Add a second for cushion
 base = int(ttlData) + 1
 rotatingSecret = true
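Review bot: With the gate relaxed to `if s.LeaseID == "" {`, the unchecked assertion `ttlInterface.(json.Number)` two lines below becomes reachable for every lease-less secret that carries a `ttl` key, not only those that also report `rotation_period`. If any such secret holds `ttl` as something other than a JSON number (a duration string stored in the secret's data would be one case, to be confirmed against the backends in use), the assertion panics and stops the process, so secret content becomes an availability risk. The comma-ok form avoids that, and rejecting non-positive values keeps `base` sane: `if ttlNum, ok := ttlInterface.(json.Number); ok {` followed by `if ttlData, err := ttlNum.Int64(); err == nil && ttlData > 0 {`. The rest of leaseCheckWait, including how `rotatingSecret` is consumed, lies outside this hunk. That name and the retained comment line still say "rotating secret", which no longer matches the broader condition.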