A common usage pattern is to either renew the credentials (for
supporting backends), extending their lifetime, or to request new
credentials well in advance. So if your credentials have a lifetime of
three days, and you request new credentials six hours before they are
set to expire, for most use cases this will be plenty of time to
finish any outstanding queries.
Of course, this depends a lot on the behavior of your connection pool;
if it drops idle connections after a credential change, then you
should be fine, as new requests for connections will use the new
credentials. If it never drops connections until flushed, you will
still have a problem.
--Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
>
https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues:
https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/vault-tool/bbdafaab-057b-421e-832b-e817fa2f32ce%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.