From 4d3326b5429db0421e9fe3e248eb0d90f4bab922 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Wed, 29 Nov 2017 10:38:59 +0000
Subject: [PATCH] Raise default vault lease TTL to 10y (#2008)

---
 roles/vault/defaults/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index f70d67f7d..acd2ac8fd 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -44,7 +44,8 @@ vault_bind_address: 0.0.0.0
 vault_port: 8200
 vault_etcd_url: "{{ etcd_access_addresses }}"
 
-vault_default_lease_ttl: 720h
+# 10y default lease
+vault_default_lease_ttl: 87600h
 vault_max_lease_ttl: 87600h
 
 vault_temp_config: