From 96f709427fd0a94dad2f9d92f5fc53b9f3aecffd Mon Sep 17 00:00:00 2001
From: Richard Kettelerij <291572+rkettelerij@users.noreply.github.com>
Date: Mon, 15 Oct 2018 12:21:13 +0200
Subject: [PATCH] [Docs] Make clear Nomad requires leases in Vault

---
 website/source/docs/job-specification/template.html.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/website/source/docs/job-specification/template.html.md b/website/source/docs/job-specification/template.html.md
index 450ffd97a..380d299bc 100644
--- a/website/source/docs/job-specification/template.html.md
+++ b/website/source/docs/job-specification/template.html.md
@@ -242,6 +242,8 @@ EOH
 }
 ```
 
+Make sure you set `generate_lease=true` on the `pki/issue/foo` role in Vault's PKI backend. Otherwise the template stanze will frequently render a new certificate (approximately every minute) which is probably not what you want.
+
 ### Vault KV API v1
 
 Under Vault KV API v1, paths start with `secret/`, and the response returns the