From 231ef1de62d8a01d4da313a998034d0fa92d618f Mon Sep 17 00:00:00 2001 From: swayne275 Date: Thu, 11 Nov 2021 16:09:44 -0700 Subject: [PATCH] define batch token interaction with lease count quota (#13127) --- website/content/docs/enterprise/lease-count-quotas.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/content/docs/enterprise/lease-count-quotas.mdx b/website/content/docs/enterprise/lease-count-quotas.mdx index 2a570a4971..3251fe4f35 100644 --- a/website/content/docs/enterprise/lease-count-quotas.mdx +++ b/website/content/docs/enterprise/lease-count-quotas.mdx @@ -17,6 +17,9 @@ It is important to note that lease count quotas do not apply to the root tokens. If the number of leases in the cluster hits the configured limit, `max_leases`, an operator could still create a root token and access the cluster to try to recover. +Additionally, batch token creation is blocked when the lease count quota is +exceeded, but batch tokens do not count towards the quota. + All the nodes in the Vault cluster will share the lease quota rules, meaning that the lease counters will be shared, regardless of which node in the Vault cluster receives lease generation requests. Lease quotas can be imposed across Vault's API,