kind: ConfigMap metadata: name: vault-agent-config apiVersion: v1 data: config.hcl: | exit_after_auth = false pid_file = "/home/vault/.pid" auto_auth { method "approle" { mount_path = "auth/approle" config = { role = "${VAULT_AGENT_ROLE}" remove_secret_id_file_after_reading = "false" role_id_file_path = "/vault/custom/role-id" secret_id_file_path = "/vault/custom/secret-id" } } sink "file" { config = { path = "/home/vault/.token" } } } vault = { address = "https://${VAULT_ADDR}" } template { destination = "/vault/secrets/${TENANT}" source = "/vault/template/${TENANT}.ctmpl" }