How long do Vault-generated short-lived certificates typically last?

Vault-generated short-lived certificates are designed to have a limited lifetime, enhancing security by reducing the window for potential misuse. Typically, these certificates are valid for a period ranging from 24 to 72 hours, aligning with best practices for ephemeral access that limit exposure to risk. This finite lifespan ensures that the certificates must be rotated or renewed periodically, contributing to a more secure and manageable system within Vault's architecture.

By employing short-lived certificates, organizations can enforce strict authentication controls and minimize potential vulnerabilities associated with long-lived certificates. This approach is particularly crucial in environments where security is paramount and servers or services need to authenticate each other frequently.

In contrast, options that suggest longer timeframes or indefinite validity do not align with the principles of short-lived certificate usage in Vault, which emphasizes quick expiration and regular renewal to enhance security posture.