diff --git a/docs/compatibility.md b/docs/compatibility.md
index efe714be..7ad02317 100644
--- a/docs/compatibility.md
+++ b/docs/compatibility.md
@@ -12,3 +12,4 @@ If a version combination is missing from this table, **it is still very likely A
 | 1.20 (4.7) | 2.0.x | 1.x |
 | 1.21 (4.8) | 2.0.x | 1.x |
 | 1.21 (4.8) | 2.1.x | 1.x |
+| 1.23       | 2.4.0 | 1.x |
diff --git a/docs/installation.md b/docs/installation.md
index 63b8f4fe..b9acbb7e 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -1,29 +1,52 @@
-There are multiple ways to download and install argocd-vault-plugin depending on your use case.
+## Installing in Argo CD
 
-#### On Linux or macOS via Curl
-```
-curl -Lo argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/{version}/argocd-vault-plugin_{version}_{linux|darwin}_{amd64|arm64|s390x}
+In order to use the plugin in Argo CD you have 4 distinct options:
 
-chmod +x argocd-vault-plugin
+- Installation via `argocd-cm` ConfigMap
 
-mv argocd-vault-plugin /usr/local/bin
-```
+    - Download AVP in a volume and control everything as Kubernetes manifests
+        - Available as a pre-built Kustomize app: <https://github.com/argoproj-labs/argocd-vault-plugin/blob/main/manifests/cmp-configmap>
 
-#### On macOS via Homebrew
+    - Create a custom `argocd-repo-server` image with AVP and supporting tools pre-installed
 
-```
-brew install argocd-vault-plugin
-```
+- Installation via a sidecar container [(new, starting with Argo CD v2.4.0)](https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/#installing-a-cmp)
+
+    - Download AVP and supporting tools into a volume and control everything as Kubernetes manifests, using an off-the-shelf sidecar image
+
+        - Available as a pre-built Kustomize app: <https://github.com/argoproj-labs/argocd-vault-plugin/blob/main/manifests/cmp-sidecar>
+
+    - Create a custom sidecar image with AVP and supporting tools pre-installed
 
-#### Installing in Argo CD
+### Explaining your options
 
-In order to use the plugin in Argo CD you can add it to your Argo CD instance as a volume mount or build your own Argo CD image.
+First, the Argo CD docs provide valuable information on how to extend the `argocd-repo-server` with additonal tools or a custom built image: <https://argoproj.github.io/argo-cd/operator-manual/custom_tools/>.
 
-The Argo CD docs provide information on how to get started <https://argoproj.github.io/argo-cd/operator-manual/custom_tools/>.
+Before version 2.4.0 of Argo CD, the only way to install AVP was as an additional binary that ran inside the `argocd-repo-server` container when specifically told by including the following YAML in an Application mainfest:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app
+spec:
+  ... other fields
+  plugin:
+    name: argocd-vault-plugin
+```
+This is a perfectly fine method and will continue to work as long as Argo CD supports it. 
 
-*Note*: We have provided a Kustomize app that will install Argo CD and configure the plugin [here](https://github.com/argoproj-labs/argocd-vault-plugin/blob/main/manifests/).
+However, the Argo CD project has another method of using custom plugins which involves defining a [sidecar container](https://kubernetes.io/docs/concepts/workloads/pods/#workload-resources-for-managing-pods) for each individual plugin (this is a different container from the `argocd-repo-server` and will be the context in which the plugin runs), and having Argo CD decide which plugin to use based on the plugin definition:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app
+spec:
+  ... other fields
+  # No need to define `plugin` since Argo CD will figure it out!
+```
+There are some [security benefits to running this way](https://github.com/argoproj/argo-cd/issues/9083#issuecomment-1098517762), it may be [future proof](https://github.com/argoproj/argo-cd/issues/8117), and you don't have to explicitly tell Argo CD which plugin to use: it will auto-detect it, like it does for Helm or Kustomize based applications. On the other hand, it adds a bit more complexity and can make some argocd-vault-plugin integrations a bit trickier - see the [caveats section of the Usage page](../usage#running-argocd-vault-plugin-in-a-sidecar-container) for details.
 
-##### InitContainer
+### InitContainer and configuration via argocd-cm ConfigMap
 The first technique is to use an init container and a volumeMount to copy a different version of a tool into the repo-server container.
 ```yaml
 apiVersion: apps/v1
@@ -72,7 +95,7 @@ spec:
       automountServiceAccountToken: true
 ```
 
-##### Custom Image
+### Custom Image and configuration via argocd-cm ConfigMap
 The following example builds an entirely customized repo-server from a Dockerfile, installing extra dependencies that may be needed for generating manifests.
 
 ```Dockerfile
@@ -94,7 +117,7 @@ RUN apt-get update && \
 # Install the AVP plugin (as root so we can copy to /usr/local/bin)
 ENV AVP_VERSION=0.2.2
 ENV BIN=argocd-vault-plugin
-RUN curl -L -o ${BIN} https://github.com/IBM/argocd-vault-plugin/releases/download/v${AVP_VERSION}/argocd-vault-plugin_${AVP_VERSION}_linux_amd64
+RUN curl -L -o ${BIN} https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v${AVP_VERSION}/argocd-vault-plugin_${AVP_VERSION}_linux_amd64
 RUN chmod +x ${BIN}
 RUN mv ${BIN} /usr/local/bin
 
@@ -114,3 +137,200 @@ data:
 ```
 
 You can use ArgoCD Vault Plugin along with other Kubernetes configuration tools (Helm, Kustomize, etc). The general method is to have your configuration tool output YAMLs that are ready to apply to a cluster except for containing `<placeholder>`s, and then run the plugin on this output to fill in the secrets. See the [Usage page](../usage) for examples.
+
+### InitContainer and configuration via sidecar
+
+Define the plugin in a ConfigMap that will be mounted in the sidecar container
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cmp-plugin
+data:
+  avp.yaml: |
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - sh
+            - "-c"
+            - "find . -name '*.yaml' | xargs -I {} grep \"<path\\|avp\\.kubernetes\\.io\" {} | grep ."
+      generate:
+        command:
+          - argocd-vault-plugin
+          - generate
+          - "."
+      lockRepo: false
+---
+```
+
+Patch the argocd-repo-server to add an initContainer to download argocd-vault-plugin and define the sidecar. You can change the image from `registry.access.redhat.com/ubi8` to whatever is desired, so long as it [contains the needed binaries](../usage#running-argocd-vault-plugin-in-a-sidecar-container)
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      automountServiceAccountToken: true
+      volumes:
+        - configMap:
+            name: cmp-plugin
+          name: cmp-plugin
+        - name: custom-tools
+          emptyDir: {}
+      initContainers:
+      - name: download-tools
+        image: registry.access.redhat.com/ubi8
+        env:
+          - name: AVP_VERSION
+            value: 1.11.0
+        command: [sh, -c]
+        args:
+          - >-
+            curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin &&
+            chmod +x argocd-vault-plugin &&
+            mv argocd-vault-plugin /custom-tools/
+        volumeMounts:
+          - mountPath: /custom-tools
+            name: custom-tools
+      containers:
+      - name: avp
+        command: [/var/run/argocd/argocd-cmp-server]
+        image: registry.access.redhat.com/ubi8
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 999
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          - mountPath: /tmp
+            name: tmp
+          
+          # Register plugins into sidecar
+          - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+            subPath: avp.yaml
+            name: cmp-plugin
+
+          # Important: Mount tools into $PATH
+          - name: custom-tools
+            subPath: argocd-vault-plugin
+            mountPath: /usr/local/bin/argocd-vault-plugin
+```
+
+### Custom Image and configuration via sidecar
+Define the plugin in a ConfigMap that will be mounted in the sidecar container
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cmp-plugin
+data:
+  avp.yaml: |
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - sh
+            - "-c"
+            - "find . -name '*.yaml' | xargs -I {} grep \"<path\\|avp\\.kubernetes\\.io\" {} | grep ."
+      generate:
+        command:
+          - argocd-vault-plugin
+          - generate
+          - "."
+      lockRepo: false
+---
+```
+
+Define a sidecar image from a suitable base
+```Dockerfile
+FROM registry.access.redhat.com/ubi8
+
+# Switch to root for the ability to perform install
+USER root
+
+# Install tools needed for your repo-server to retrieve & decrypt secrets, render manifests
+# (e.g. curl, awscli, gpg, sops)
+RUN apt-get update && \
+    apt-get install -y \
+        curl \
+        awscli \
+        gpg && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Install the AVP plugin (as root so we can copy to /usr/local/bin)
+ENV AVP_VERSION=1.11.0
+ENV BIN=argocd-vault-plugin
+RUN curl -L -o ${BIN} https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v${AVP_VERSION}/argocd-vault-plugin_${AVP_VERSION}_linux_amd64
+RUN chmod +x ${BIN}
+RUN mv ${BIN} /usr/local/bin
+
+# Switch back to non-root user
+USER 999
+```
+
+Patch the argocd-repo-server to define the sidecar
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      automountServiceAccountToken: true
+      volumes:
+        - configMap:
+            name: cmp-plugin
+          name: cmp-plugin
+      containers:
+      - name: avp
+        command: [/var/run/argocd/argocd-cmp-server]
+        image: your-container-registry/your-custom-image
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 999
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          - mountPath: /tmp
+            name: tmp
+          
+          # Register plugins into sidecar
+          - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+            subPath: avp.yaml
+            name: cmp-plugin
+```
+
+## Installing locally
+### On Linux or macOS via Curl
+```
+curl -Lo argocd-vault-plugin https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/{version}/argocd-vault-plugin_{version}_{linux|darwin}_{amd64|arm64|s390x}
+
+chmod +x argocd-vault-plugin
+
+mv argocd-vault-plugin /usr/local/bin
+```
+
+### On macOS via Homebrew
+
+```
+brew install argocd-vault-plugin
+```
\ No newline at end of file
diff --git a/docs/usage.md b/docs/usage.md
index 1520f806..c4a24fd2 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -1,13 +1,13 @@
 ### Command Line
-The plugin can be used via the command line or any shell script. Since the plugin outputs yaml to standard out, you can run the `generate` command and pipe the output to `kubectl`.
+The plugin can be used via the command line or any shell script. Since the plugin outputs YAML to standard out, you can run the `generate` command and pipe the output to `kubectl`.
 
 `argocd-vault-plugin generate ./ | kubectl apply -f -`
 
-This will pull the values from Vault, replace the placeholders and then apply the yamls to whatever kubernetes cluster you are connected to.
+This will pull the values from the configured secret manager, replace the placeholders and then apply the YAMLs to whatever Kubernetes cluster you are connected to.
 
 You can also read from stdin like so:
 
-`cat example.yaml | argocd-vault-plugin generate - | kubectl apply -f -`
+`argocd-vault-plugin generate - < example.yaml | kubectl apply -f -`
 
 ### Argo CD
 Before using the plugin in Argo CD you must follow the [steps](installation.md#installing-in-argo-cd) to install the plugin to your Argo CD instance. Once the plugin is installed, you can use it 3 ways.
@@ -28,7 +28,7 @@ spec:
   source:
     path: .
     plugin:
-      name: argocd-vault-plugin
+      name: argocd-vault-plugin # Don't include this if installing via sidecar
     repoURL: http://your-repo/
     targetRevision: HEAD
   project: default
@@ -38,7 +38,10 @@ spec:
 `argocd app create you-app-name --config-management-plugin argocd-vault-plugin`
 
 #### With Helm
-If you want to use Helm along with argocd-vault-plugin, register a plugin in the `argocd-cm` ConfigMap like this:
+If you want to use Helm along with argocd-vault-plugin, use the instructions matching your [plugin installation method](../installation).
+
+##### Simple
+For `argocd-cm` ConfigMap configured plugins, add this to `argod-cm` ConfigMap:
 ```yaml
 configManagementPlugins: |
   - name: argocd-vault-plugin-helm
@@ -49,8 +52,36 @@ configManagementPlugins: |
       command: ["sh", "-c"]
       args: ["helm template $ARGOCD_APP_NAME . --install-crds | argocd-vault-plugin generate -"]
 ```
+For sidecar configured plugins, add this to `cmp-plugin` ConfigMap, and then [add a sidecar to run it](../installation#initcontainer-and-configuration-via-sidecar):
+```yaml
+  avp-helm.yaml: |
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin-helm
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - sh
+            - "-c"
+            - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
+      generate:
+        command:
+          - sh
+          - "-c"
+          - |
+            helm template $ARGOCD_APP_NAME --install-crds . |
+            argocd-vault-plugin generate -
+      lockRepo: false
+```
 
-If you want to use Helm along with argocd-vault-plugin and use additional helm args :
+##### With additional Helm arguments
+If you want to use Helm along with argocd-vault-plugin and use additional helm args,
+
+For `argocd-cm` ConfigMap configured plugins, add this to `argod-cm` ConfigMap:
 ```yaml
 configManagementPlugins: |
   - name: argocd-vault-plugin-helm
@@ -61,6 +92,31 @@ configManagementPlugins: |
       command: ["sh", "-c"]
       args: ["helm template $ARGOCD_APP_NAME ${helm_args} . --install-crds | argocd-vault-plugin generate -"]
 ```
+For sidecar configured plugins, add this to `cmp-plugin` ConfigMap, and then [add a sidecar to run it](../installation#initcontainer-and-configuration-via-sidecar):
+```yaml
+  avp-helm.yaml: |
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin-helm
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - sh
+            - "-c"
+            - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
+      generate:
+        command:
+          - sh
+          - "-c"
+          - |
+            helm template $ARGOCD_APP_NAME --install-crds -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |
+            argocd-vault-plugin generate -
+      lockRepo: false
+```
 
 Helm args must be defined in the application manifest:
 ```yaml
@@ -75,8 +131,10 @@ Helm args must be defined in the application manifest:
 
 **Note: Bypassing the parameters like this can be dangerous in a multi-tenant environment as it could allow for malicious injection of arbitrary commands. So be cautious when doing something like in a production environment. Ensuring proper permissions and protections is very important when doing something like this.** 
 
+##### With an inline values file
 Alternatively, if you'd like to use values inline in your application manifest (similar to the ArgoCD CLI's `--values-literal-file` option), you can create a plugin like this (note the use of `bash` instead of `sh` here):
 
+For `argocd-cm` ConfigMap configured plugins, add this to `argod-cm` ConfigMap:
 ```yaml
 configManagementPlugins: |
   - name: argocd-vault-plugin-helm
@@ -84,6 +142,31 @@ configManagementPlugins: |
       command: ["bash", "-c"]
       args: ['helm template "$ARGOCD_APP_NAME" -f <(echo "$HELM_VALUES") . | argocd-vault-plugin generate -']
 ```
+For sidecar configured plugins, add this to `cmp-plugin` ConfigMap, and then [add a sidecar to run it](../installation#initcontainer-and-configuration-via-sidecar):
+```yaml
+  avp-helm.yaml: |
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin-helm
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - sh
+            - "-c"
+            - "find . -name 'Chart.yaml' && find . -name 'values.yaml'"
+      generate:
+        command:
+          - bash
+          - "-c"
+          - |
+            helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE -f <(echo "$ARGOCD_ENV_HELM_VALUES") . |
+            argocd-vault-plugin generate -
+      lockRepo: false
+```
 
 Then you can define your Helm values inline in your application manifest:
 ```yaml
@@ -109,7 +192,10 @@ Then you can define your Helm values inline in your application manifest:
 ```
 
 #### With Kustomize
-If you want to use Kustomize along with argocd-vault-plugin, register a plugin in the `argocd-cm` ConfigMap like this:
+If you want to use Kustomize along with argocd-vault-plugin, use the instructions matching your [plugin installation method](../installation).
+
+
+For `argocd-cm` ConfigMap configured plugins, add this to `argod-cm` ConfigMap:
 ```yaml
 configManagementPlugins: |
   - name: argocd-vault-plugin-kustomize
@@ -117,9 +203,36 @@ configManagementPlugins: |
       command: ["sh", "-c"]
       args: ["kustomize build . | argocd-vault-plugin generate -"]
 ```
+For sidecar configured plugins, add this to `cmp-plugin` ConfigMap, and then [add a sidecar to run it](../installation#initcontainer-and-configuration-via-sidecar):
+```yaml
+  avp-kustomize.yaml: |
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin-kustomize
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - find
+            - "."
+            - -name
+            - kustomization.yaml
+      generate:
+        command:
+          - sh
+          - "-c"
+          - "kustomize build . | argocd-vault-plugin generate -"
+      lockRepo: false
+```
 
 #### With Jsonnet
-If you want to use Jsonnet along with argocd-vault-plugin, register a plugin in the `argocd-cm` ConfigMap like this:
+If you want to use Jsonnet along with argocd-vault-plugin, use the instructions matching your [plugin installation method](../installation).
+
+
+For `argocd-cm` ConfigMap configured plugins, add this to `argod-cm` ConfigMap:
 
 ```yaml
 configManagementPlugins: |
@@ -128,6 +241,30 @@ configManagementPlugins: |
       command: ["sh", "-c"]
       args: ["jsonnet . | argocd-vault-plugin generate -"]
 ```
+For sidecar configured plugins, add this to `cmp-plugin` ConfigMap, and then [add a sidecar to run it](../installation#initcontainer-and-configuration-via-sidecar):
+```yaml
+  avp-jsonnet.yaml: |
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: argocd-vault-plugin-kustomize
+    spec:
+      allowConcurrency: true
+      discover:
+        find:
+          command:
+            - find
+            - "."
+            - -name
+            - *.json
+      generate:
+        command:
+          - sh
+          - "-c"
+          - "jsonnet . | argocd-vault-plugin generate -"
+      lockRepo: false
+```
 
 The plugin will work with both YAML and JSON output from jsonnet.
 
@@ -138,5 +275,18 @@ If you want to load in a new value from your Secret Manager without making any n
 
 You can also use the `argocd app diff` command passing the `--hard-refresh` flag. This will run argocd-vault-plugin again and pull in the new values from you Secret Manager and then you can either have Auto Sync setup or Sync manually to apply the new values.
 
-### Caching the Vault Token
+### Caveats
+
+#### Caching the Hashicorp Vault Token
 The plugin tries to cache the Vault token obtained from logging into Vault on the `argocd-repo-server`'s container's disk, at `~/.avp/config.json` for the duration of the token's lifetime. This of course requires that the container user is able to write to that path. Some environments, like Openshift, will force a random user for containers to run with; therefore this feature will not work, and the plugin will attempt to login to Vault on every run. This can be fixed by ensuring the `argocd-repo-server`'s container runs with the user `argocd`.
+
+#### Running argocd-vault-plugin in a sidecar container
+As mentioned in the [Installation page](../installation), Argo CD has a newer method of installing custom plugins via sidecar containers to the `argocd-repo-server` deployment. Here are some caveats with running in this configuration:
+
+- Use an image that contains the binaries needed: if attempting to deploy Helm charts with argocd-vault-plugin, ensure the image either contains Helm and argocd-vault-plugin pre-installed, or has some logic to fetch it from somewhere. Unlike the `argocd-cm` ConfigMap based installation, the sidecar image is supplied by the user and is distinct from the one for the `argocd-repo-server`, which means previously pre-included binaries will be absent
+
+- An image with common CA certificates is recommended so that errors with untrusted TLS certificates from trying to retrieve remote Helm charts or Kustomize bases is avoided
+
+- Using `github` URLs (`github.com/*`) with Kustomize requires having `git` in the container, and will fail otherwise. Use a `raw.githubusercontent.com` URL as a workaround if installing `git` isn't an option
+
+- The `argocd-repo-server` container has a default limit, configuration key named `server.repo.server.timeout.seconds` in `argocd-cm` ConfigMap, of 60 seconds - this may need to be increased if lots of placeholders have to be processed for a given Application. The sidecar also has a default timeout, environment variable named `ARGOCD_EXEC_TIMEOUT` in the sidecar, of 90 seconds. This may also need to be increased. Details here: <https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/#using-a-cmp>
\ No newline at end of file