Theron Voran
Thanks @MarkRx! Transferring over to the vault repo since that's where the UI lives.
Oh you know what, I think `policies` is deprecated in favor of `token_policies`: https://github.com/hashicorp/vault-plugin-auth-kubernetes/blob/530b5e913097cf7eea6ff1e2d7b977dd3dba2a16/path_role.go#L65-L69 We should probably mark it as deprecated [in the docs](https://github.com/hashicorp/vault/blob/main/website/content/partials/tokenfields.mdx) too.
Hi @anilpally, have you tried setting `vaultConnectionRef` to `vault-secrets-operator/open-vault`? I think that field supports [specifying the namespace](https://developer.hashicorp.com/vault/docs/platform/k8s/vso/api-reference#vaultauthspec) in that format.
Hi @anilpally, that VaultAuth looks fine. I see that `Status.Valid` is `true` there, so I suspect the VaultAuth was evaluated before the VaultConnection was evaluated, resulting in the "not found"...
> and set Status.Valid to true (but didn't clear the error message). I've noticed this behavior if my VaultAuth refers to the wrong VaultConnection, and then I update VaultAuth...
BTW, this can now be done using a template:

```yaml
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultPKISecret
metadata:
  name: example
spec:
  ...
  destination:
    name: pki1
    transformation:
      templates:
        ca.crt:
          text: |
            {{- printf "%s"...
```
Hi @monicabiswal147, the VaultAuthList type in our API reference docs is just the concrete kind used when getting a [collection of VaultAuth's](https://kubernetes.io/docs/reference/using-api/api-concepts/#collections) from the Kubernetes API. You'll also see it...
Hi @ownercoder, thanks for the patch here, but this is working as intended; credentials for auth should be coming from the VaultStaticSecret's namespace. We have some updated documentation about authentication...
Thanks!
Hi @jameshartig, I'm fairly sure we tried the `signJwt` endpoint at first, but it wasn't working correctly for this auth flow. The people we talked with at Google recommended `generateIdToken`...