Kubernetes Injector - multiple roles


Is it possible to define multiple roles in the annotations to pull secrets as? We have put in place a system for secrets in teams, where this would, in some cases, be very beneficial to have, but I couldn’t find anything in the documentation about this.

Thank you!

This isn’t currently possible. The role gets fed into the auto auth configuration for Vault Agent, and Agent only supports at most 1 auto_auth block in its config.

It seems like there’s been some interest in supporting multiple auto_auth blocks in the community, so you could always add your use-case to that issue. I’m sure it could also be possible to work around this limitation by updating the mapping between roles and policies - happy to help in this regard if you’d like to explain your current model and requirements.