Vault-agent set up different volume path for secrets

Hi, the current installation for vault inject sets /vault/secrets/ as the root of the secrets volume. Can we specify a different volume path at installation for the secrets? It is not clear if this is possible based on the values in vault-helm/values.yaml at main · hashicorp/vault-helm · GitHub. Thank you.

vault-hashicorp-com-secret-volume-path

Thank you, aram. This annotation does not cover my use case. I need to render the secrets at some path and a different volume. For example, for path /app vault will render the secrets to vault/secrets/app where vault/secrets is the default volume used by vault injector, but I need the secrets rendered at a different volume. One I can define. Is that possible? I looked at the helm installation values but it does not provide that flexibility.


Any luck? I am looking for the same answer, but there is no documentation on this whatsoever.

Here are all the possible values for the Injector configuration via Helm.

I’m not aware of any such parameter that would allow you to configure all agents with a different pre-defined secret volume path. I’m not even sure that’s your actual use case. If not, please add some more detail to it.

Generally speaking though, one would want to configure the secret volume path using Pod annotations, since this may vary from micro-service to micro-service. What is the problem with Agent Sidecar Injector Annotations | Vault | HashiCorp Developer though and why is this not an option?

Just to be clear, you can use multiple annotations of the same type by appending a secret name suffix to it like so: vault.hashicorp.com/secret-volume-path-SECRET-NAME

This means you can potentially have multiple different secrets, one per volume, in different paths. Does that not solve the issue you have?
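
The per-secret annotation from the last reply, written out as a Deployment manifest. This is an added example, not part of the thread; the Deployment name, Vault role, service account, image and secret paths are constructed placeholders.

```yaml
# Added illustration: constructed names and paths, not taken from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app                      # placeholder
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        # Ask the injector to add the Vault Agent containers to this pod.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "example-app"   # assumed Kubernetes auth role

        # Secret named "db": the suffix after agent-inject-secret- is the
        # secret name and also the rendered file name, so this lands at /app/db/db.
        vault.hashicorp.com/agent-inject-secret-db: "secret/data/example/db"
        vault.hashicorp.com/secret-volume-path-db: "/app/db"

        # Secret named "api": same pattern, different path (/app/api/api).
        vault.hashicorp.com/agent-inject-secret-api: "secret/data/example/api"
        vault.hashicorp.com/secret-volume-path-api: "/app/api"

        # Secret named "misc": no per-secret path annotation, so it is rendered
        # under the pod-wide path, which defaults to /vault/secrets.
        vault.hashicorp.com/agent-inject-secret-misc: "secret/data/example/misc"
    spec:
      serviceAccountName: example-app    # placeholder; must be bound to the Vault role
      containers:
        - name: app
          image: registry.example.com/example-app:1.0   # placeholder image
```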