I am trying to build AKS with GitOps for Flux configuration and the CSI Secrets provider for Airflow.
I am able to pass secrets from KV to AKS and to other pods; secrets are populated as AKS secrets. However, for the dags config and ssh key, which are being pulled inside the git-sync-init container, they are not placed inside /etc/git-secret/ssh (as output by the git-sync-init container). I have tried to manually create a secret with the same content and it worked well without doing any special mounting, etc.
```yaml
dags:
  gitSync:
    branch: main
    containerLifecycleHooks: {}
    containerName: git-sync
    depth: 1
    enabled: true
    env: []
    extraVolumeMounts: []
    maxFailures: 0
    period: 1s
    ref: v2-2-stable
    repo: ssh://[email protected]/v3/xxxx/yyyyyy/airflow-dags
    resources: {}
    rev: HEAD
    securityContext: {}
    securityContexts:
      container: {}
    sshKeySecret: airflow-ssh-private-key
    subPath: ""
    uid: 65533
```
Installation of Airflow:
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: airflow
  namespace: flux-system
spec:
  chart:
    spec:
      chart: airflow
      version: 1.13.1
      sourceRef:
        kind: HelmRepository
        name: airflow
        namespace: flux-system
  install:
    disableWait: false
  interval: 60s
  valuesFrom:
    - kind: ConfigMap
      name: airflow-values
```
Declaration of secrets:
```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: kv-xxx-xxx-001
  namespace: flux-system
spec:
  provider: azure
  secretObjects:
    - secretName: "airflow-ssh-private-key"
      type: Opaque
      data:
        - objectName: "airflow-ssh-private-key"
          key: "gitSshKey"
  parameters:
    usePodIdentity: "false"
    clientID: "xxxxx"
    keyvaultName: "kv-xxx-xxx-001"
    objects: |
      array:
        - |
          objectName: airflow-ssh-private-key
          objectType: secret
          objectAlias: airflow-ssh-private-key
    tenantID: "x"
```
What am I doing wrong? How can I get the secret to git-sync-init without rewriting the Airflow Helm chart, please?
Already tried:
- Secret manually created = worked!
- ENV/VolumeMounts through the Airflow Helm chart; can figure a proper way to do so
- Private cluster with limited connectivity to the kube API; would like to have some sophisticated solution rather than creating the secret another way around
Thanks
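An added configuration example, not part of the question above, built on the assumption that the Secrets Store CSI driver only materializes the Kubernetes Secrets listed under `secretObjects` while at least one pod mounts the SecretProviderClass as a CSI volume, so a pod that merely references the Secret through `sshKeySecret` never triggers the sync. The volume name and mount path are made up, and `scheduler.extraVolumes` / `scheduler.extraVolumeMounts` are assumed to be Airflow chart values; the SecretProviderClass name and secret name are the ones declared above.

```yaml
# Added example (not the question's own values): make the scheduler pod mount
# the SecretProviderClass so the CSI driver syncs airflow-ssh-private-key,
# which gitSync.sshKeySecret then mounts into /etc/git-secret as usual.
dags:
  gitSync:
    enabled: true
    sshKeySecret: airflow-ssh-private-key   # must equal secretObjects[].secretName
scheduler:
  extraVolumes:
    - name: kv-secrets                      # assumed name
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: kv-xxx-xxx-001   # SecretProviderClass from the question
  extraVolumeMounts:
    - name: kv-secrets
      mountPath: /mnt/kv-secrets            # assumed path; only needed to trigger the sync
      readOnly: true
```

The synced Secret exists only while a mounting pod exists, so verify with `kubectl get secret airflow-ssh-private-key -n flux-system` once the scheduler pod is running.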