I need to render the secrets at some path and different volume with Vault Injector. For example, for path /app, Vault will render the secrets to vault/secrets/app, where vault/secrets is the default volume used by Vault Injector, but I need the secrets rendered at a different volume. One I can define. Is that possible? I looked at the Helm installation values but it does not provide that flexibility, and the annotation “secret-volume-path” only allows for specifying a path at the default volume “/vault/secrets”.
Hi @eliAve! The secret-volume-path annotation should indeed let you mount a secrets volume at an arbitrary location in the pod, and the agent-inject-file annotation lets you specify exactly where in the volume the secret should be rendered.
For example, these annotations would render a secret at /app/some/secret/here.txt:
vault.hashicorp.com/agent-inject-secret-database-config: "internal/data/database/config"
vault.hashicorp.com/agent-inject-file-database-config: "/some/secret/here.txt"
vault.hashicorp.com/secret-volume-path-database-config: "/app"
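
The annotations from the answer above, placed in a full Deployment manifest. This is an added example, not part of the original posts; the Deployment name, image, service account and Vault role are hypothetical, and it assumes the injector is installed and Kubernetes auth is configured for that role.

```yaml
# Added example; values marked "hypothetical" are assumptions, not from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app                                   # hypothetical
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
      annotations:
        # The injector reads annotations from the pod template,
        # not from the Deployment's own metadata.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "demo-app"       # hypothetical Vault role
        # The "database-config" suffix ties these three annotations to one secret.
        vault.hashicorp.com/agent-inject-secret-database-config: "internal/data/database/config"
        vault.hashicorp.com/secret-volume-path-database-config: "/app"
        vault.hashicorp.com/agent-inject-file-database-config: "/some/secret/here.txt"
    spec:
      serviceAccountName: demo-app                 # hypothetical; must be bound to the role
      containers:
        - name: app
          image: registry.example.com/demo-app:1.0 # hypothetical
          # Rendered file, per the answer: /app/some/secret/here.txt
```

A volume mounted at /app hides anything the container image already ships under /app, so choose a mount path that the application does not populate itself.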