
Issue with CSI not syncing Kubernetes Secret when using environment variables #196

@anu1508k


I have installed the Helm CSI driver with sync.secret enabled set to true. The SecretProviderClass has secretObjectName and the pods have mounts.
SecretProviderClass:
```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: xyz-job-spc
  namespace: ${ENV_NAME}
spec:
  provider: gcp
  parameters:
    ClusterRole: secretprovidersyncing-role
    secrets: |
      - resourceName: "projects/xyz/secrets/xyz_key_txt_${ENV_NAME}/versions/latest"
        fileName: "key.txt"
  secretObjects:
    - data:
        - key: xyz-key
          objectName: key.txt
      secretName: xyz-secret
      type: Opaque
```

Pod Spec:

```yaml
# Container-level fields (the container name and image were not included in the post)
env:
  - name: PASSWORD
    valueFrom:
      secretKeyRef:
        name: xyz-secret
        key: xyz-key
volumeMounts:
  - name: xyz-secret
    mountPath: /etc/xyz/xyz-secret/key.txt
    readOnly: true

# Pod-level fields
serviceAccountName: csi
restartPolicy: Never
volumes:
  - name: xyz-secret
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: xyz-job-spc
```
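The cross-references that Secret syncing depends on in the two manifests above can be checked mechanically. This is an added example, not part of the original issue or the driver's code: the dicts are constructed from the posted YAML, and `check_sync`, `walk` and the dict field names are hypothetical names chosen here.

```python
import re

# Constructed from the manifests in the post, written as dicts so no YAML parser is needed.
SPC = {
    "name": "xyz-job-spc", "namespace": "${ENV_NAME}",
    "secrets": [{"resourceName": "projects/xyz/secrets/xyz_key_txt_${ENV_NAME}/versions/latest",
                 "fileName": "key.txt"}],
    "secretObjects": [{"secretName": "xyz-secret", "type": "Opaque",
                       "data": [{"key": "xyz-key", "objectName": "key.txt"}]}],
}
POD = {
    "namespace": "${ENV_NAME}",
    "secretKeyRefs": [{"name": "xyz-secret", "key": "xyz-key"}],
    "volumeMounts": ["xyz-secret"],
    "csiVolumes": {"xyz-secret": "xyz-job-spc"},  # volume name -> secretProviderClass
}
PLACEHOLDER = re.compile(r"\$\{\w+\}")

def walk(obj, path):
    """Yield (path, value) for every string in a nested dict/list."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, (dict, list)):
        items = obj.items() if isinstance(obj, dict) else enumerate(obj)
        for k, v in items:
            yield from walk(v, f"{path}.{k}")

def check_sync(spc, pod):
    """Return findings that would keep the synced Secret from reaching the env var."""
    # kubectl applies manifests as written; ${VAR} must be substituted beforehand.
    out = [f"unexpanded placeholder at {p}: {v}"
           for root, name in ((spc, "spc"), (pod, "pod"))
           for p, v in walk(root, name) if PLACEHOLDER.search(v)]
    if spc["namespace"] != pod["namespace"]:
        out.append("SecretProviderClass and pod are in different namespaces")
    # The driver creates the Secret only after a pod mounts a CSI volume using this class.
    if not any(cls == spc["name"] and vol in pod["volumeMounts"]
               for vol, cls in pod["csiVolumes"].items()):
        out.append("no container mounts a CSI volume that references this class")
    files = {s["fileName"] for s in spc["secrets"]}
    produced = set()  # (secretName, key) pairs the driver will populate
    for obj in spc["secretObjects"]:
        for item in obj["data"]:
            if item["objectName"] in files:
                produced.add((obj["secretName"], item["key"]))
            else:
                out.append(f"objectName {item['objectName']!r} matches no fileName")
    out += [f"secretKeyRef {r['name']}/{r['key']} is not produced by secretObjects"
            for r in pod["secretKeyRefs"] if (r["name"], r["key"]) not in produced]
    return out
```

Run against the text as posted, `check_sync(SPC, POD)` reports only the three `${ENV_NAME}` placeholders; the names, keys and mount references are consistent with each other.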


Labels: question (Further information is requested)
