6aba9bf11b
Referencing [here](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-sidecar#configure-kubernetes-authentication), comparing with the Secrets Operator that I used [here](https://blog.scubbo.org/posts/base-app-infrastructure/). I _think_ I prefer this because: * It doesn't create a Kubernetes secret (which is, contrary to expectation, [not entirely secure](https://kubernetes.io/docs/concepts/configuration/secret/)) * The YAML/template changes required are smaller * It looks like it _might_ be able to write a whole Vault path as a single file, rather than one-file-per-key - though it'll need some template wizardry (in a follow-on commit) to format that right.