Which feature of Vault automatically revokes secrets?

The feature of Vault that automatically revokes secrets is lease expiration. In HashiCorp Vault, every secret or credential is issued with a lease, which is a defined duration during which the secret is valid. When the lease time expires, the secret is automatically revoked, which helps to enhance security by ensuring that secrets do not persist beyond their useful life. This mechanism reduces the risk of unauthorized access and potential misuse of credentials, as any secrets that are no longer needed or are old will be invalidated automatically.

In contrast, the other options referred to do not inherently involve the automatic revocation of secrets. Database backups are related to preserving data and do not control the lifecycle of secrets. User-authenticated sessions focus on managing access to Vault but do not dictate when a secret should be revoked. Static storage parameters refer to how data is stored, not to the management and lifecycle of secrets. Thus, the automatic revocation feature tied to lease expiration is a fundamental aspect of how Vault maintains security and manages the lifecycle of its secrets effectively.