Hi @BradyWiseman, try this in the annotation:
vault.hashicorp.com/agent-inject-secret-ca.crt: ""
vault.hashicorp.com/agent-inject-template-ca.crt: |
{{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
{{ .Data.issuing_ca }}
{{- end }}
vault.hashicorp.com/agent-inject-secret-tls.key: ""
vault.hashicorp.com/agent-inject-template-tls.key: |
{{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
{{ .Data.private_key }}
{{- end }}
vault.hashicorp.com/agent-inject-secret-tls.crt: ""
vault.hashicorp.com/agent-inject-template-tls.crt: |
{{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
{{ .Data.certificate }}
{{- end }}
vault.hashicorp.com/agent-inject-secret-all.crt: ""
vault.hashicorp.com/agent-inject-template-all.crt: |
{{- with secret "k8_pki/issue/webcerts" "common_name=host.my-website.com" -}}
{{ .Data }}
{{- end }}
The ca.crt, tls.key and tls.crt should render in /vault/secrets/.