Vault-agent and pki

I have vault-agent running and injecting secrets into a Kubernetes pod. Very cool!

My next challenge is to have vault-agent inject a newly created pki certificate into the pod.
I see and can use the annotation vault.hashicorp.com/agent-inject-secret-.

Is there a similar annotation for injecting a new certificate from pki/issue?

Hi @BradyWiseman, try this in the annotation:

        vault.hashicorp.com/agent-inject-secret-ca.crt: ""
        vault.hashicorp.com/agent-inject-template-ca.crt: |
          {{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
          {{ .Data.issuing_ca }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-tls.key: ""
        vault.hashicorp.com/agent-inject-template-tls.key: |
          {{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
          {{ .Data.private_key }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-tls.crt: ""
        vault.hashicorp.com/agent-inject-template-tls.crt: |
          {{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
          {{ .Data.certificate }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-all.crt: ""
        vault.hashicorp.com/agent-inject-template-all.crt: |
          {{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
          {{ .Data }}
          {{- end }}

The ca.crt, tls.key and tls.crt should render in /vault/secrets/.
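
Since ca.crt, tls.key and tls.crt are rendered from three separate templates, it is worth confirming that the files belong together before a server loads them. The following check is an added example, not part of the original thread; the function name `check_rendered`, its return codes and the default one-hour expiry margin are assumptions made for illustration, and it needs the `openssl` CLI.

```shell
# Added example (not from the thread): sanity-check the files rendered by the
# templates above. File names come from the annotations; DIR defaults to
# /vault/secrets. The private key itself is never printed.
#
# Return codes (chosen for this example):
#   0 ok, 2 file missing or unparseable, 3 key does not match certificate,
#   4 certificate does not verify against ca.crt (or is already expired),
#   5 certificate expires too soon.
check_rendered() {
  dir=${1:-/vault/secrets}
  min_left=${2:-3600}   # seconds of validity that must remain

  for f in ca.crt tls.crt tls.key; do
    [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 2; }
  done

  # Derive the public key from each file; identical PEM means they are a pair.
  cert_pub=$(openssl x509 -in "$dir/tls.crt" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$dir/tls.key" -pubout 2>/dev/null) || return 2
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "tls.key does not belong to tls.crt" >&2; return 3
  fi

  # issuing_ca may be an intermediate, so accept it as the trust anchor.
  openssl verify -partial_chain -CAfile "$dir/ca.crt" "$dir/tls.crt" \
    >/dev/null 2>&1 || { echo "tls.crt does not verify against ca.crt" >&2; return 4; }

  # Short-lived PKI certificates: flag a render that is close to expiry.
  openssl x509 -in "$dir/tls.crt" -noout -checkend "$min_left" >/dev/null \
    || { echo "tls.crt expires within ${min_left}s" >&2; return 5; }
  return 0
}
```

Calling `check_rendered /vault/secrets 3600` from a startup script or probe makes a mismatched or stale render fail loudly instead of surfacing later as a TLS handshake error.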