Concourse fails to get secrets from vault

I’m trying to use vault in my concourse pipelines. I already have an approle setup in vault and have specified all the needed parameters in my concourse configuration (CONCOURSE_VAULT_AUTH_BACKEND,CONCOURSE_VAULT_AUTH_PARAM, etc). When the task tries to pull the secrets from vault, I get the error:

failed to interpolate task config: Finding variable 'foo': secrets "pipeline.foo" is forbidden: User "system:serviceaccount:default:concourse-web" cannot get resource "secrets" in API group "" in the namespace "concourse-team_name"

Any help would be greatly appreciated.

:thinking: I’m guessing your Concourse is deployed with Kubernetes? If so I think you’ll need to disable the K8s secrets engine:

Yes that was it! I didn’t realize the Kubernetes secrets engine was enabled by default. Thank you