Vault-secrets-operator with External Vault over mTLS

My Vault is an external instance (not hosted in K8S) secured with mTLS. What is the proper way of configuring mutual authentication for VSO?

I have created kubernetes secret ‘vault-secrets-operator-ca-cert’ with ca.crt, client.tls and client.key but I’m still getting ‘remote error: tls: bad certificate’.

This is helm resource I’m using but I’m not sure if and are necessary:

resource "helm_release" "vault_secrets_operator" {
  name = "vault-secrets-operator"

  repository       = ""
  chart            = "vault-secrets-operator"
  namespace        = "vault"
  version          = "0.1.0"
  create_namespace = true

  values = [
annotations: '/vault/tls/client.crt' '/vault/tls/client.key' 'vault-secrets-operator-ca-cert'

  enabled: true
  address: "https://vault.external.acme:8200"
  caCertSecretRef: "${}"
  skipTLSVerify: true