Which characteristic defines dynamic secrets in Vault?

Dynamic secrets in Vault are characterized by having a defined lease period. When an application requests a dynamic secret, Vault generates a unique, ephemeral credential that is tied to specific requested attributes, such as a database login. This credential is not permanent; it has a lease associated with it, which determines how long the secret is valid. Once the lease expires, the secret is automatically revoked, enhancing security by reducing the window of opportunity for misuse.

The ability to have a lease period allows organizations to manage secrets efficiently by ensuring that credentials are only valid for the duration of the user's activity, thus limiting exposure to vulnerabilities. This dynamic nature of secrets encourages a more secure approach to managing sensitive information, as opposed to static secrets that remain in use until manually rotated or replaced.