Enhance Daemon Mode to Dynamically Regenerate Secrets After Max TTL Expiry

[4FunAndProfit]

Preflight Checklist

• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I agree to follow the Code of Conduct.

Problem Description

Issue Description:
In the current daemon mode implementation for vault-env, dynamic secrets are revoked once their max_ttl expires, which causes the renewal process to stop. This limitation can lead to disruptions in services relying on dynamic secrets, such as database credentials, after the max_ttl has been reached.
(See bank-vaults/bank-vaults#856)

Proposed Solution

Would it be possible to enhance the daemon mode to handle this scenario by dynamically regenerating the secrets (e.g., creating new tokens or rotating credentials) when the max_ttl is reached? Alternatively, is there another solution or workaround that can keep the secrets up to date without manual intervention after the max_ttl expires?

Thank you for your help!

Alternatives Considered

A lot but don’t find a correct solution for now 😭😂

Additional Information

No response

[ramizpolic]

You can check https://github.com/bank-vaults/vault-secrets-reloader project which can give you the granularity of reloading you need, either time-based or change-based.

[4FunAndProfit]

Thanks @ramizpolic ! That indeed what i thought but can't find a way to do it through this project
I saw another user who asked the same question in this project bank-vaults/vault-secrets-reloader#171 but they were no response

Can you please give us some clues to use vault-secrets-reloader to regenerate in this case?

Thanks a lot in advance!