Vault.hashicorp.com/template-static-secret-render-interval doesn't work

Hi
I’m using the following HashiCorp annotations, and these annotations are patched into the application pod using the kubectl patch sts app-sts --patch "$(cat template.json)" command.

        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-status: "update"
        vault.hashicorp.com/agent-extra-secret: 'vault-injector-secret'
        vault.hashicorp.com/auth-type: 'approle'
        vault.hashicorp.com/auth-path: 'auth/approle'
        vault.hashicorp.com/auth-config-role-id-file-path: '/vault/custom/.role-id'
        vault.hashicorp.com/auth-config-secret-id-file-path: '/vault/custom/.secret-id'
        vault.hashicorp.com/agent-inject-secret-vault-secrets.json: "/"
        vault.hashicorp.com/secret-volume-path-vault-secrets.json: "/etc/app-secrets"
        vault.hashicorp.com/template-static-secret-render-interval: "1m"
        vault.hashicorp.com/agent-inject-template-vault-secrets.json: |
          {}

Even if I specify vault.hashicorp.com/template-static-secret-render-interval: "1m", the secret file gets refreshed every 5 min. But I want it to refresh every 1 min.

For simplicity, I kept the Consul Template empty here.

Can anybody help me with this?

I’m not sure this is needed.
You’re patching the StatefulSet which means the Pod will be recreated anyway.

Just curious as to why you’re using AppRole within Kubernetes.
I’ve seen other people doing that before and just want to understand the motivation for doing so.

Has this path been redacted? If so, you should indicate that.

If you want to simplify it altogether then just remove this.

@macmiranda There is no specific reason to use app role authentication within Kubernetes. That’s the design of my project.
