diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 3e5b91083..e788c944b 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -583,6 +583,7 @@ func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *fra
 func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 var err error
+ var resp *logical.Response
 name := data.Get("name").(string)
 entry := &roleEntry{
@@ -644,6 +645,10 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data
 // no_store implies generate_lease := false
 if entry.NoStore {
 *entry.GenerateLease = false
+ if data.Get("generate_lease").(bool) {
+ resp = &logical.Response{}
+ resp.AddWarning("mutually exclusive values no_store=true and generate_lease=true were both specified; no_store=true takes priority")
+ }
 } else {
 *entry.GenerateLease = data.Get("generate_lease").(bool)
 }
@@ -694,7 +699,7 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data
 return nil, err
 }
- return nil, nil
+ return resp, nil
 }
 func parseKeyUsages(input []string) int {
diff --git a/changelog/14292.txt b/changelog/14292.txt
new file mode 100644
index 000000000..98d48f9d4
--- /dev/null
+++ b/changelog/14292.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/pki: Warn when `generate_lease` and `no_store` are both set to `true` on requests.
+```
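Review bot: The warning added inside `if entry.NoStore` in the second hunk says which option wins but not what ends up stored, so a caller who asked for `generate_lease=true` still has to infer that the role was written with it forced to false. Since `*entry.GenerateLease = false` sits on the line just above, the message could state the effect, for example ending it with `no_store=true takes priority and generate_lease has been set to false`. That matters to an operator who was counting on leases to expire or revoke this role's certificates, which is presumably what the flag controls. The commit also ships no test for the new branch: a role-write test that expects exactly one warning for the conflicting pair and a nil response otherwise would pin what `return resp, nil` in the third hunk now returns. The body of pathRoleCreate between the hunks is outside this diff, so whether any other path should attach to `resp` cannot be checked from here.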