From 4f5c53f9ee2d1c23add1038c95e275cdfb23de1c Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Mon, 30 Jul 2018 12:39:18 -0700
Subject: [PATCH] set kube/vault refresh interval, fixes #2463

---
 plugins/secrets/vault/vault.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/secrets/vault/vault.go b/plugins/secrets/vault/vault.go
index ebad6859b..5afab8b14 100644
--- a/plugins/secrets/vault/vault.go
+++ b/plugins/secrets/vault/vault.go
@@ -5,6 +5,7 @@
 package vault
 
 import (
+	"errors"
 	"path"
 	"strings"
 	"time"
@@ -78,6 +79,9 @@ func New(store model.ConfigStore, opts ...Opts) (secrets.Plugin, error) {
 }
 
 func (v *vault) initKubernetes() error {
+	if v.renew == 0 {
+		return errors.New("vault: token renewal not configured")
+	}
 	token, ttl, err := getKubernetesToken(
 		v.kubeAuth.addr,
 		v.kubeAuth.role,
@@ -91,7 +95,6 @@ func (v *vault) initKubernetes() error {
 
 	v.client.SetToken(token)
 	v.ttl = ttl
-	v.renew = ttl / 2
 	return nil
 }