I am still new to this, but after searching for a while I couldn’t find it.
I am using dynamic secret delivery to my mysql application running in a pod. Thus, the secret is stored in /vault/secret/file . That file is world readable which means that if the pod gets compromised, access to that database (mysql) is also automatically compromised. What can I do to stop this? Maybe I missed something…