Which characteristic defines dynamic secrets in Vault?

Dynamic secrets in HashiCorp Vault are characterized by having a defined lease period. When a client requests a dynamic secret, it is generated in real time and tied to its own set of access permissions and a specific lease duration. This means that the secret is valid for a limited amount of time, after which it can either be renewed or expires.

The lease mechanism is a crucial part of dynamic secrets because it enhances security; if the secret is compromised, the time limit reduces the window of opportunity for unauthorized access, thus minimizing the potential risk. Additionally, when the lease period expires, Vault can automatically revoke the secret, ensuring that stale or unutilized secrets do not remain active indefinitely.

In contrast, the other characteristics listed do not apply to dynamic secrets in Vault. For instance, dynamic secrets are not permanently assigned to users, as they are meant to be ephemeral. They also require authentication since clients must authenticate to Vault before they can access any secrets, and they can indeed be revoked before the expiration of their lease if necessary.