Vault K8s Injector multiple roles


Is it possible to have multiple roles as annotations? I would want to use one Vault role to get secrets and another to get a Vault token. Is that possible, or is there any workaround for that?

The injector/agent setup only supports one authenticated session with a Vault, so no.

You might consider using the injector only for the injected secrets, and logging in to Vault to get a token directly within your app code.

Logging in to Vault using Kubernetes auth is as simple as reading your Kubernetes service account token from /var/run/secrets/ and sending it to the login API: Kubernetes - Auth Methods - HTTP API | Vault by HashiCorp

Umm, I was maybe thinking we can use this annotation (Agent Sidecar Injector Annotations | Vault by HashiCorp) and then do the vault login command?

If you did, you’d be using the injector simply to run a command - at which point, why even use the injector for that?

Look carefully at the documentation for that option - it doesn’t cause the output of the command to be written to the secret.

Also, do you need expiry handling for this token? Running a command as a side effect of populating a different secret is not going to give you that.

Umm, yes!! Couldn't agree more. Thank you!!
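
The in-app login suggested in the thread, with the expiry handling raised in the last reply, as an added example that is not part of the original posts. It assumes the default `kubernetes` auth mount and the standard service account token path; the class name, parameter names and the 80% refresh threshold are hypothetical choices.

```python
import json
import time
import urllib.request

# Standard default location of the pod's service account token (assumption;
# the thread only says /var/run/secrets/).
SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def http_post_json(url, payload, timeout=10):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


class VaultKubernetesAuth:
    """Logs in with the pod's service account JWT and re-logs in before expiry."""

    def __init__(self, vault_addr, role, mount="kubernetes",
                 jwt_path=SA_TOKEN_PATH, post=http_post_json,
                 clock=time.monotonic, refresh_fraction=0.8):
        self.url = f"{vault_addr.rstrip('/')}/v1/auth/{mount}/login"
        self.role, self.jwt_path = role, jwt_path
        self.post, self.clock = post, clock
        self.refresh_fraction = refresh_fraction
        self._token, self._refresh_at = None, 0.0

    def login(self):
        # Re-read the file on every login: the kubelet rotates projected tokens.
        with open(self.jwt_path, encoding="utf-8") as fh:
            jwt = fh.read().strip()
        auth = self.post(self.url, {"role": self.role, "jwt": jwt})["auth"]
        self._token = auth["client_token"]
        # lease_duration is the token TTL in seconds; 0 means it does not expire.
        ttl = auth["lease_duration"]
        self._refresh_at = (self.clock() + ttl * self.refresh_fraction
                            if ttl else float("inf"))
        return self._token

    def token(self):
        """Return a usable Vault token, logging in again when close to expiry."""
        if self._token is None or self.clock() >= self._refresh_at:
            return self.login()
        return self._token
```

The role passed here can differ from the one in the injector annotations, since this is a separate authenticated session owned by the application.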