What happens to dynamic secrets after their lease expires in Vault?

When dynamic secrets have their lease expire in HashiCorp Vault, they are automatically revoked. This process is fundamental to the way dynamic secrets are managed in Vault. Each dynamic secret comes with a lease associated with it that defines how long that secret is valid. Once this lease expires, Vault ensures that the secret is no longer accessible or usable, thus maintaining a secure and controlled access environment.

The automatic revocation serves multiple security purposes, such as minimizing the risk of long-term exposure of sensitive credentials and ensuring that secrets are only valid for the time needed. This mechanism enhances security by ensuring secrets are transient and are not lingering beyond their intended usage period. The other choices do not correctly reflect the behavior of dynamic secrets in Vault, as they either suggest they continue to exist beyond the lease expiry, which could introduce security risks, or they imply improper handling of the secret post-expiration.