Description
Hey!
I've started to use vault-secrets-operator and I have a question related to its security.
For example, I have some secrets related to apps and infra kept in Vault, and there are different policies to access them.
Using vault-secrets-operator (even if I specify 'vaultRole: my-custom-vault-role') I can access any secret in Vault; the only thing I need is to have RBAC rights to create a VaultSecrets resource and to know the name of the vaultRole (I can see the values from someone else's code).
Did I understand it properly?
If so, it would be great to have an opportunity to use labels (or something like that) to control which namespaces can use different roles, so my dev teams can create VaultSecrets with specific values of a vaultRole (and those values that are not allowed will be blocked by vault-secrets-operator itself).
Thanks.
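
One way to enforce the restriction asked for above from outside the operator, as an added example (not part of the post and not vault-secrets-operator code): the decision logic of a Kubernetes validating admission webhook that rejects a VaultSecret whose `vaultRole` is not allowed for its namespace. The allow-list, namespace names, role names and sample request are constructed, and rejecting a missing `vaultRole` is an assumption of this example.

```python
import fnmatch

# Constructed policy (assumption): namespace glob -> Vault roles usable from it.
ALLOWED_ROLES = {
    "team-a-*": {"team-a-apps"},
    "infra": {"infra-read", "team-a-apps"},
}


def allowed_roles_for(namespace):
    """Union of roles from every policy entry whose glob matches the namespace."""
    roles = set()
    for pattern, names in ALLOWED_ROLES.items():
        if fnmatch.fnmatchcase(namespace, pattern):
            roles |= names
    return roles


def review(admission_review):
    """Build the AdmissionReview response for one VaultSecret request."""
    req = admission_review["request"]
    namespace = req.get("namespace", "")
    spec = (req.get("object") or {}).get("spec") or {}
    role = spec.get("vaultRole")
    if req.get("operation") == "DELETE":
        allowed, message = True, "delete is not restricted"
    elif not role:
        # Assumption: require an explicit role so none is picked implicitly.
        allowed, message = False, "spec.vaultRole must be set"
    elif role in allowed_roles_for(namespace):
        allowed, message = True, f"role {role!r} permitted in {namespace!r}"
    else:
        allowed, message = False, f"role {role!r} not permitted in {namespace!r}"
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "response": {"uid": req["uid"], "allowed": allowed,
                     "status": {"message": message}},
    }


def sample_request(namespace, role, operation="CREATE"):
    """Constructed AdmissionReview for a VaultSecret (sample data, not captured)."""
    obj = {"kind": "VaultSecret", "metadata": {"name": "demo", "namespace": namespace},
           "spec": {"path": "kv/demo", "type": "Opaque"}}
    if role is not None:
        obj["spec"]["vaultRole"] = role
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-1", "operation": operation,
                        "namespace": namespace, "object": obj}}
```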