diff --git a/logical/secret.go b/logical/secret.go
index b460f252f..44676438a 100644
--- a/logical/secret.go
+++ b/logical/secret.go
@@ -25,6 +25,12 @@ type Secret struct {
 	// when returning a response.
 	LeaseIncrement time.Duration `json:"-"`
 
+	// LeaseIssue is the time of issue for the original lease. This is
+	// only available on a Renew operation and has no effect when returning
+	// a response. It can be used to enforce maximum lease periods by
+	// a logical backend.
+	LeaseIssue time.Time `json:"-"`
+
 	// LeaseID is the ID returned to the user to manage this secret.
 	// This is generated by Vault core. Any set value will be ignored.
 	// For requests, this will always be blank.
diff --git a/vault/expiration.go b/vault/expiration.go
index 05b715192..4c4e91769 100644
--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -462,6 +462,7 @@ func (m *ExpirationManager) revokeEntry(le *leaseEntry) error {
 
 // renewEntry is used to attempt renew of an internal entry
 func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
 	secret := *le.Secret
+	secret.LeaseIssue = le.IssueTime
 	secret.LeaseIncrement = increment
 	secret.LeaseID = ""
 
diff --git a/vault/expiration_test.go b/vault/expiration_test.go
index 053a2227b..76717d26c 100644
--- a/vault/expiration_test.go
+++ b/vault/expiration_test.go
@@ -639,6 +639,9 @@ func TestExpiration_renewEntry(t *testing.T) {
 	if req.Secret.LeaseIncrement != time.Second {
 		t.Fatalf("Bad: %v", req)
 	}
+	if req.Secret.LeaseIssue.IsZero() {
+		t.Fatalf("Bad: %v", req)
+	}
 }
 
 func TestExpiration_PersistLoadDelete(t *testing.T) {
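Review bot: The new doc comment on LeaseIssue says the value is "only available on a Renew operation" but does not state what a backend sees on every other operation, which matters because a backend that computes `time.Since(secret.LeaseIssue)` against the zero time gets a span of centuries and will either reject or mis-cap the lease depending on how its check is written. I would extend the comment with `// On all other operations LeaseIssue is the zero time; backends enforcing a maximum lease period should check LeaseIssue.IsZero() before relying on it.`. The Secret struct continues outside this hunk.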
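Review bot: The added assignment `secret.LeaseIssue = le.IssueTime` carries no comment explaining why the issue time is copied onto the outgoing secret, and the field's purpose (letting a backend cap the total lease duration on renew) is only discoverable from the other file. A one-line why-comment above it, `// Expose the original issue time so the backend can enforce a maximum lease period across renewals`, would make the intent local. It is worth confirming that le.IssueTime is always populated for entries loaded from storage; if older persisted entries could carry a zero IssueTime, backends would see the zero-time case on renew as well, which the field's documentation should then cover. renewEntry's body continues past the end of this hunk.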
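Review bot: The new check `if req.Secret.LeaseIssue.IsZero()` only proves that some non-zero time was propagated, not that it is the lease entry's IssueTime; a test that compares against the entry would catch a future regression that copies the wrong timestamp. If the leaseEntry the test renews is in scope (its name is outside this hunk), the stronger form is `if !req.Secret.LeaseIssue.Equal(le.IssueTime) { t.Fatalf("Bad: %v", req) }`, using Equal rather than `!=` per the time.Time comparison convention. TestExpiration_renewEntry starts before this hunk.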