A Vault object is assigned a usable period (active life) when created. An object is archived when its active life expires or when it is deleted through the API or CLI. The deletion or expiration of an owner object archives all the objects it owns.
The default setting in Vault is for objects never to expire.
Vault lets you specify a grace period during which an object remains archived so that you can reactivate it if desired. When the object's grace period expires, it becomes eligible for complete erasure from the Vault. For more information, see the 'archived' state in Object life cycle.
The default grace period is 30 days (720 hours).
Customizing the policy
Retention policies determine when an active object will expire. You can customize the retention policy for object types with the expiration environment variables as follows:
PVAULT_EXPIRATION_ASSOCIATED_OBJECTS for person objects and data objects associated with a person object. For example, a customer record or a credit card belonging to a customer.
PVAULT_EXPIRATION_UNASSOCIATED_OBJECTS for data objects that are not associated with a person object.
You can override the Vault default and these policy settings when creating or updating objects or tokens by setting the expiration_secs parameter in the REST API operations or the --expiration-secs flag in the CLI commands.
You customize the grace period for archived objects using the PVAULT_DB_GC_RETENTION_PERIOD database environment variable.
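The rules above, as a small Python model for working out when a record stops being recoverable (an added example, not Vault's own code). It assumes the expiration counts in seconds from the moment it is set and that the grace period starts at archival; all function and parameter names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Default grace period stated on this page: 30 days (720 hours).
DEFAULT_GRACE = timedelta(hours=720)


def effective_expiration(set_at: datetime,
                         object_secs: Optional[int] = None,
                         policy_secs: Optional[int] = None) -> Optional[datetime]:
    """Resolve when an object's active life ends.

    A per-object expiration_secs overrides the policy for its object type;
    with neither set, the Vault default applies and the object never expires.
    Assumption: the period is counted from set_at (creation or update time).
    """
    secs = object_secs if object_secs is not None else policy_secs
    return None if secs is None else set_at + timedelta(seconds=secs)


def archived_at(expires: Optional[datetime],
                deleted: Optional[datetime] = None,
                owner_archived: Optional[datetime] = None) -> Optional[datetime]:
    """Earliest archiving event: own expiry, deletion, or the owner's archival."""
    events = [t for t in (expires, deleted, owner_archived) if t is not None]
    return min(events) if events else None


def state(now: datetime, archived: Optional[datetime],
          grace: timedelta = DEFAULT_GRACE) -> str:
    """Classify an object as active, archived (still reactivatable), or erasable."""
    if archived is None or now < archived:
        return "active"
    if now < archived + grace:
        return "archived"
    return "eligible_for_erasure"


if __name__ == "__main__":
    # Constructed sample: an owner with a one-hour life and an owned object
    # that has no expiration of its own.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    owner_gone = archived_at(effective_expiration(t0, object_secs=3600))
    owned_gone = archived_at(effective_expiration(t0), owner_archived=owner_gone)
    for hours in (0, 2, 721):
        print(hours, state(t0 + timedelta(hours=hours), owned_gone))
```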