Kubernetes Vault Agent Init Container Only

I am currently running Vault on Kubernetes and using the Vault Agent sidecar injection. I read from the official documentation that you can run Vault Agent as init container only, that will exit after fetching the secret. Does anyone know how I can achieve that? I couldn’t find anything in the documentation to inject the agent as init container only.

I needed that because there are scenarios where I need to create an actual Kubernetes secret object, so I am using Kubernetes Job to fetch secrets from Vault and then create the object with the api. But the job never completes because the Vault Agent sidecar will never exit.