After vault is integrated with k8s, secret data can be obtained from vault service in the form of annotation or configmap.
Everything works fine when using annotations. I customized the storage path as /vault/signserverEnv instead of the default path /vault/secrets. secret/data/Dev/Security/signserver/config /vault/signserverEnv |
          {{- with secret "secret/data/Dev/Security/signserver/config" -}}
          {{- end -}}

But when I use configmap vault-template-config

The configuration of config is as follows

"auto_auth" = {
	"method" = {
		"type" = "kubernetes"
		"config" = {
			"role" = "signserverdev"
"exit_after_auth" = true
"template" = {
	"perms" ="0777"
	"destination" = "/vault/signserverEnv/ManagementCA.crt"
	"contents" = "{{- with secret  \"secret/data/Dev/Security/signserver/config\" -}}{{base64Decode}}{{- end -}}"

Report the following error message
This shows that there is no permission to create, I checkedvault agent template document,find create_dest_dirs(default true)andperms(Already set to 0777)might solve the problem, but unfortunately also got the error above. Can you help me how to set it up? (The boss is very angry now)