Auto unseal vault using a Pod Identity


I’m doing some work for a client that involves Azure AKS and Hashi vault.

They currently use pod identity to authenticate to Azure Resources. I would like to follow suit (or shall I say, have to follow suit) and get Vault to auto unseal using the pod identity.

Is this possible and is it as simple as assigning the pod identity to the HCV chart (via extraLabels) and configuring the secrets in the key vault. I’m probably missing a lot of steps in between but just trying to get an idea.

I’ve come across one Hashi talk regarding Pod Identities but it didn’t mention auto unsealing.

Repo detailing the hashi talk here

Can anyone please advise / help :smiley: