I inject the role ID and secret ID of Hashicorp vault using Jenkins during the build stage of my app docker image.
Then, the vault agent read the role ID and secret ID connect to vault and deliver secrets to my app with vault agent templates.
Does vault agent generate new secret ID after TTL is expired, or should I use a Jenkins job to inject new secret ID periodically with Ansible.