The HashiCorp Terraform Cloud Operator for Kubernetes continuously reconciles infrastructure resources using Terraform Cloud. To better secure secrets, such as API tokens, instead of hard-coding them, they can be stored and managed in a centralized secrets manager like HashiCorp Vault. In this approach, the Vault Secrets Operator (VSO) retrieves secrets from an external secrets manager and stores them in a Kubernetes secret for workloads to use. This post demonstrates how to use VSO to retrieve dynamic secrets from Vault and write them to a Kubernetes secret for the Terraform Cloud Operator to reference when creating a workspace.