vault-secrets-operator

Single secret to authenticate vault instead of per namespace

Open iamps5 opened this issue 9 months ago • 3 comments

I've deployed VSO in its own namespace & I've many different applications running in various namespaces. I deployed VSS/VDS for each application in its corresponding namespace along with the k8s-secret that authenticates vault to fetch the secret for the application.

Now, instead of deploying k8s-secret along with each VSS/VDS, can we have a single secret (with some labels/annotations) that we can add in a single namespace (maybe operator's namespace) & attach it to VSS/VDS in each namespace?

iamps5, May 03 '24 16:05

@benashz can you please tell if this is possible in the near future?

iamps5, May 06 '24 17:05

This is something that would be useful to us as Vault Enterprise users. Currently using Vault Agent Injector allows us to set a cluster-wide alias for interaction with VSO. However, our client usage has exploded. Unless this changes, we're going to have to seriously restrict usage of VSO, which isn't a nice experience for our internal consumers.

SamStenton, May 28 '24 12:05

Considering that Vault tiers are changing very soon because of the acquisition by IBM and they are going to become much more restrictive regarding client counts, I think this issue should be prioritized ASAP.

For us as Vault Dedicated users, it will be a deal breaker to have a client alias per namespace.

teksuo, Jul 30 '24 11:07