enhance azure workload identity documentation (#2437)

Signed-off-by: Michael Ruoss <michael@michaelruoss.ch>
Michael Ruoss 2 years ago
parent
commit
b05d14d4bc
1 changed files with 1 additions and 1 deletions
  1. 1 1
      docs/provider/azure-key-vault.md

+ 1 - 1
docs/provider/azure-key-vault.md

@@ -73,7 +73,7 @@ azwi serviceaccount create phase federated-identity \
 With these prerequisites met you can configure `ESO` to use that Service Account. You have two options:
 
 ##### Mounted Service Account
-You run the controller and mount that particular service account into the pod. That grants _everyone_ who is able to create a secret store or reference a correctly configured one the ability to read secrets. **This approach is usually not recommended**. But may make sense when you want to share an identity with multiple namespaces. Also see our [Multi-Tenancy Guide](../guides/multi-tenancy.md) for design considerations.
+You run the controller and mount that particular service account into the pod by adding the label `azure.workload.identity/use: "true"`to the pod. That grants _everyone_ who is able to create a secret store or reference a correctly configured one the ability to read secrets. **This approach is usually not recommended**. But may make sense when you want to share an identity with multiple namespaces. Also see our [Multi-Tenancy Guide](../guides/multi-tenancy.md) for design considerations.
 
 ```yaml
 {% include 'azkv-workload-identity-mounted.yaml' %}
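Review bot: The added line is missing a space between the closing backtick of `azure.workload.identity/use: "true"` and "to the pod", so it renders as `"true"`to; add the space. The wording "mount that particular service account into the pod by adding the label" also reads as if the label alone performs the mount. Consider stating separately that the controller pod runs under that service account and that the label is what enables workload identity for it. Since this is the option the paragraph marks as usually not recommended, it is worth naming the controller pod explicitly rather than "the pod", so readers do not apply the label more widely than intended. While touching this line, the fragment "But may make sense when ..." could be joined to the previous sentence.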