I have one hashicorp vault instance running in a container. My app authenticates against this with approle auth, and requests the secrets at runtime. The secrets include keys that can not be created dynamically at runtime (like for Stripe for example). In the circumstance that my app container is compromised, are there any ways that I can protect my secrets from a bad actor? Or is the weight of protecting my secrets really on detecting compromise and sealing the vault? Any suggestions are appreciated!