Manual vault authentication in Kubernetes pods

Hi, is there any way to manually authenticate against vault from a Kubernetes pods with service account without using the vault webhook ?

My use case is the following: I need to be able to load a lot (like 300) of K/V from a vault path (which service account as permission to access) and it does not seem feasible with webook annotation (loading every secret inside a path). So my guess is that I need to do it some other way.

There are multiple methods of getting your secrets.

loops for example:

{{ range services }}
{{ range service .Name }}
  {{ .Address }}
{{ end }}{{ end }}

Indeed, as you have guessed, it would be better to just authenticate to the Vault API from your program code.

This is easy to do - you just read your service account token from the path on disk where Kubernetes provides it to you: /var/run/secrets/ - and send it to the login API: Kubernetes - Auth Methods - HTTP API | Vault by HashiCorp

Then just send the returned client_token with each request.