Comprehensive and Detailed in Depth
Once a dynamic secret’s lease expires, it cannot be renewed or reused; a new secret must be
requested. The HashiCorp Vault documentation states: "A lease must be renewed before it has
expired. Once it has expired, it is permanently revoked and a new secret must be requested." This
means that after expiration, the secret is invalidated, and the application must obtain a new secret
with a new lease to regain access.
Trying an expired secret (A) is futile as it’s revoked. Performing a lease renewal (B) is impossible post-
expiration, as the docs note: "Renewal must occur before the lease expires." Extending the TTL (D)
isn’t an option for an expired lease. Thus, C is the correct action.
Reference:
HashiCorp Vault Documentation - Leases: Lease Renew and Revoke
