secrets-store-csi-driver-provider-azure | Azure Key Vault provider for Secret Store CSI driver allows | Identity Management library

The comment on the answer you linked was incorrect. I've left a note to explain the confusion. What you have is fine, if possibly over-built :) You're not actually gaining any security vs. just using Kubernetes Secrets directly but if you prefer the workflow around AKV then this looks fine. You might want to look at externalsecrets rather than this weird side feature of the CSI stuff? The CSI driver is more for exposing stuff as files rather than external->Secret->envvar.

The CSI secret store driver is a container storage interface driver - it can only mount to files.

For postgres specifically, you can use docker secrets environment variables to point to the path you're mounting the secret in and it will read it from the file instead. This works via appending _FILE to the variable name.

Per that document: Currently, this is only supported for POSTGRES_INITDB_ARGS, POSTGRES_PASSWORD, POSTGRES_USER, and POSTGRES_DB.

Looks it is related to the default network plugin that AKS picks for you if you don't specify "Advanced" for network options: kubenet.

This integration can be done with kubenet outlined here:

https://azure.github.io/aad-pod-identity/docs/configure/aad_pod_identity_on_kubenet/

If you are creating a new cluster, enable Advanced networking or add the --network-plugin azure flag and parameter.