Which feature of Vault automatically revokes secrets?

The feature of Vault that automatically revokes secrets is lease expiration. In HashiCorp Vault, when a secret is accessed or created, it is associated with a lease, which specifies the duration for which the secret is valid. Once the lease period expires, the secret is automatically revoked by Vault. This mechanism enhances security by ensuring that secrets do not remain valid indefinitely, reducing the risk of unauthorized access.

The lease expiration process helps maintain a secure environment, as it ensures that services or applications using the secrets need to renew their leases periodically or obtain new secrets. This way, if a secret were to become compromised, it would be revoked after its lease expires, minimizing potential misuse.

The other options do not provide the automatic revocation of secrets. Database backups pertain to the preservation of data rather than the management of secret lifecycles. User-authenticated sessions relate to access control and permissions for users rather than automatically revoking secrets. Static storage parameters deal with the storage setup and configuration but do not involve the management of secret expiration and revocation processes. Thus, lease expiration is the appropriately tied feature responsible for the automatic revocation of secrets in Vault.