We use vault-agent sidecars to access secrets from pods (kubernetes).
More specifically I have a node.js application that needs to be able to read and write secrets. Auth is done using kubernetes auth and a service account for the pod. This works perfectly for reading/mounting secrets using annotations.
How would I go about writing secrets. Can I somehow use the sidecar for this? Or would I simply post/patch/update directly to the vault api? If so, do I just use the service account token for auth?
Thank you for reading my question!