What feature does Vault's database secrets engine provide?

The database secrets engine in Vault provides dynamic credentials for accessing databases. This feature allows Vault to generate unique, temporary credentials for database access on-the-fly when a request is made. These dynamic credentials are tied to a specific set of permissions and have a limited lifetime, which enhances security by reducing the risk of credential compromise.

Whenever an application or user needs to connect to a database, the Vault can create new credentials, ensuring that these credentials are only valid for a short period before they expire. This functionality not only improves security by minimizing the exposure of database credentials but also simplifies credential management, as there's no need to manually create, distribute, or rotate static credentials.

While the other options consider various aspects of database management and security, they do not capture the core functionality of the database secrets engine, which is centered around dynamic credential generation and lifecycle management.