Secret data transformation problems

hello
I wanted to use the new vault-operator function ‘Secret data transformation’. I have the vault-operator version: hashicorp/vault-secrets-operator:0.5.2.
I am using this documentation: Vault Secrets Operator Secret Transformation | Vault | HashiCorp Developer

created a secret, here’s its config:

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: static-auth
  namespace: vault-operator
spec:
  method: kubernetes
  mount: k8s-sbx   
  kubernetes:
    role: vault-operator  
    serviceAccount: default
    audiences:
      - vault
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: app-secret
  namespace: vault-operator
spec:
  type: kv-v2
  mount: TS   
  path: esa/vault-operator
  destination:
    name: vault-operator
    create: true
  refreshAfter: 1h
  vaultAuthRef: static-auth

this secret to use for tests.
this is the config I got from the docs:

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultDynamicSecret
metadata:
  namespace: vault-operator
  name: example-vds
  annotations:
    myapp.config/postgres-host: postgres-postgresql.postgres.svc.cluster.local:5432
spec:
  destination:
    create: true
    name: vault-operator
    transformation:
      excludes:
       - .*
      templates:
        url:
          text: |
            {{- $host := get .Annotations "myapp.config/postgres-host" -}}
            {{- printf "postgresql://%s:%s@%s/postgres?sslmode=disable" (get .Secrets "username") (get .Secrets "password") $host -}}
  path: creds/dev-postgres

get this error:

The VaultDynamicSecret "example-vds" is invalid: spec.mount: Required value

there is nothing in the documentation about this ‘mount’ parameter

Hello @lion

From the error, it looks like spec.mount is not defined in your configuration file and it is a required value.
You can check in the official repo of Vault Secrets Operator, where this Custom Resource Definition is defined: