Describe the issue: In OCP 4.11, the serviceaccount token secret are not present in the serviceaccount description. Since the secret is not present, the following documented step will fail: $ VAULT_SA_SECRET_NAME=$(oc -n openshift-storage get sa <SA_NAME> -o jsonpath="{.secrets[*]['name']}") | grep -o "[^[:space:]]*-token-[^[:space:]]*" This step needs to be modified. There can be two approaches to resolving this: - The token secret can be linked to the serviceacount using this command and the rest of the steps can be followed as is: $ oc secrets link <serviceaccount name> <serviceaccount token secret name> - A new token secret can be created and used instead: $ cat <<EOF | oc create -f - apiVersion: v1 kind: Secret metadata: name: odf-vault-auth-token namespace: openshift-storage annotations: kubernetes.io/service-account.name: "odf-vault-auth" type: kubernetes.io/service-account-token data: {} EOF Describe the task you were trying to accomplish: ------------------------------------------------ Enabling kube auth for clusterwide encryption using KMS Document URL: ------------- https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html-single/deploying_openshift_data_foundation_using_amazon_web_services/index#enabling-cluster-wide-encryprtion-with-the-kubernetes-authentication-using-kms_cloud-storage Chapter/Section Number and Title: --------------------------------- 2.3. Enabling cluster-wide encryption with KMS using the Kubernetes authentication method Product Version: ---------------- ODF 4.11 ODF 4.10 (If deployment is being done on OCP 4.11)