The Azure Key Vault provider for the Secrets Store CSI driver allows you to get secret contents stored in an Azure Key Vault instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
Today the client id in both `SecretProviderClass` and `ServiceAccount` should be the same, and such information is duplicated. We can add a flag to let `SecretProviderClass` always use the client id provided by the service account of the pod rather than us providing it as a parameter.
Anything else you would like to add:
There is a pull request pending for review that could be a solution.
Environment:
Secrets Store CSI Driver version: (use the image tag):
Azure Key Vault provider version: (use the image tag): v1.5.1
Kubernetes version: (use `kubectl version`): 1.28.5
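A check for the duplication this issue describes, as an added example that is not part of the original issue or the project's code: it lists pods whose SecretProviderClass `clientID` parameter differs from the `azure.workload.identity/client-id` annotation on the pod's service account. The manifests are constructed samples trimmed to the fields the check reads, and treating a SecretProviderClass without `clientID` as using another auth mode is an assumption.

```python
SA_ANNOTATION = "azure.workload.identity/client-id"
CSI_DRIVER = "secrets-store.csi.k8s.io"


def find_client_id_drift(pods, service_accounts, provider_classes):
    """Return (pod, spc, spc_client_id, sa_client_id) for each mismatch."""
    def key(obj):
        return obj["metadata"]["namespace"], obj["metadata"]["name"]

    sa_ids = {key(sa): sa["metadata"].get("annotations", {}).get(SA_ANNOTATION)
              for sa in service_accounts}
    spc_ids = {key(spc): spc["spec"].get("parameters", {}).get("clientID")
               for spc in provider_classes}
    findings = []
    for pod in pods:
        ns, pod_name = key(pod)
        sa_id = sa_ids.get((ns, pod["spec"].get("serviceAccountName", "default")))
        for vol in pod["spec"].get("volumes", []):
            csi = vol.get("csi") or {}
            if csi.get("driver") != CSI_DRIVER:
                continue
            spc_name = csi.get("volumeAttributes", {}).get("secretProviderClass")
            spc_id = spc_ids.get((ns, spc_name))
            if spc_id is None:
                continue  # assumption: no clientID means another auth mode
            # A missing annotation is reported too: the SPC expects an identity
            # that the pod's service account does not declare.
            if sa_id is None or sa_id.lower() != spc_id.lower():
                findings.append((pod_name, spc_name, spc_id, sa_id))
    return findings


# Constructed sample objects; the IDs are placeholders, not real client IDs.
def _obj(name, annotations=None, spec=None):
    return {"metadata": {"namespace": "demo", "name": name,
                         "annotations": annotations or {}}, "spec": spec or {}}

def _pod(name, spc):
    vol = {"name": "secrets", "csi": {"driver": CSI_DRIVER,
           "volumeAttributes": {"secretProviderClass": spc}}}
    return _obj(name, spec={"serviceAccountName": "app-sa", "volumes": [vol]})

ID_A = "aaaaaaaa-1111-1111-1111-111111111111"
ID_B = "bbbbbbbb-2222-2222-2222-222222222222"
SERVICE_ACCOUNTS = [_obj("app-sa", annotations={SA_ANNOTATION: ID_A})]
PROVIDER_CLASSES = [_obj("kv-ok", spec={"parameters": {"clientID": ID_A.upper()}}),
                    _obj("kv-stale", spec={"parameters": {"clientID": ID_B}})]
PODS = [_pod("web", "kv-ok"), _pod("worker", "kv-stale")]

if __name__ == "__main__":
    for finding in find_client_id_drift(PODS, SERVICE_ACCOUNTS, PROVIDER_CLASSES):
        print("client ID drift:", finding)
```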