What built-in feature does Vault offer regarding secret revocation?


Vault's robust revocation capabilities allow for automated secret revocation, which is critical for maintaining security within an organization. The feature is integrated into Vault, so secrets can be revoked automatically under specific circumstances, such as when the associated policies change or when a secret is no longer needed.

The automated revocation feature helps ensure that access to sensitive data is tightly controlled and that secrets do not linger beyond their intended lifespan. This can include conditions like time-to-live (TTL) expiration or the decommissioning of a certain application or service. The automation reduces the potential for human error that can occur with manual revocation and helps organizations respond quickly to security incidents or changes in the infrastructure.

For context, manual revocation alone is less efficient and prone to oversight, while stating that revocation is not supported disregards Vault's designed capabilities in secret management. The command line interface is indeed a method through which revocation can occur, but it does not capture the built-in automation feature that Vault provides.
