diff --git a/deployment.yaml b/deployment.yaml
index e69de29..fe5e103 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: keyvault2kube
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keyvault2kube-secret-clusterrole
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "namespaces" ]
+ verbs: [ "list", "get" ]
+
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "update", "create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: keyvault2kube-secret-clusterrolebinding
+subjects:
+- kind: ServiceAccount
+ name: keyvault2kube
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: keyvault2kube-secret-clusterrole
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keyvault2kube
+ namespace: kube-system
+ labels:
+ app: keyvault2kube
+ aadpodidbinding: keyvault2kube
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keyvault2kube
+ template:
+ metadata:
+ labels:
+ app: keyvault2kube
+ aadpodidbinding: keyvault2kube
+ spec:
+ serviceAccountName: keyvault2kube
+ containers:
+ - name: keyvault2kube
+ image: terrycain/keyvault2kube:latest
+ env:
+ - name: KEY_VAULT_URLS
+ value: KEYVAULTURL
+---
+apiVersion: "aadpodidentity.k8s.io/v1"
+kind: AzureIdentity
+metadata:
+ name: keyvault2kube
+spec:
+ type: 0
+ resourceID: RESOURCEID
+ clientID: CLIENTID
+---
+apiVersion: "aadpodidentity.k8s.io/v1"
+kind: AzureIdentityBinding
+metadata:
+ name: keyvault2kube-identity-binding
+spec:
+ azureIdentity: keyvault2kube
+ selector: keyvault2kube
diff --git a/keyvault2kube/keyvault.py b/keyvault2kube/keyvault.py
index 2c0c22d..ab6c16f 100644
--- a/keyvault2kube/keyvault.py
+++ b/keyvault2kube/keyvault.py
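Review bot: The ClusterRole grants `get`/`update`/`create`/`patch` on `secrets` in every namespace while the Deployment pulls the floating tag `terrycain/keyvault2kube:latest`, so whatever image that tag resolves to at pull time runs with cluster-wide write access to Secret objects, and the manifest neither pins the image nor hardens the pod. The cluster-wide scope may be deliberate since the controller also lists namespaces, but if the set of target namespaces is known a Role/RoleBinding per namespace would confine the blast radius, and a one-line comment above the ClusterRole stating why cluster scope is required would help later reviewers. Independently of the RBAC question, pin the image to a digest and add a container `securityContext` that drops privileges; `readOnlyRootFilesystem` is included below on the assumption that the process does not write to its filesystem, so confirm that against the container.
```yaml
# … unchanged: ServiceAccount, ClusterRole, ClusterRoleBinding, Deployment metadata …
      containers:
        - name: keyvault2kube
          image: terrycain/keyvault2kube@sha256:<IMAGE_DIGEST>  # placeholder: digest of the reviewed build
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          env:
            - name: KEY_VAULT_URLS
              value: KEYVAULTURL
# … unchanged: AzureIdentity, AzureIdentityBinding …
```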
@@ -18,7 +18,7 @@ def __init__(self, vault_url: str) -> None: self.logger = cast(pylogrus.PyLogrus, logging.getLogger("keyvault2kube.keyvault")).withFields( {"vault": vault_url} ) - credential = cast(DefaultAzureCredential()) + credential = DefaultAzureCredential() self._secret_client = SecretClient(vault_url=vault_url, credential=credential) def get_secrets(self) -> List[Secret]:
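Review bot: `credential = DefaultAzureCredential()` is constructed with no options, so at runtime the token source is whichever leg of the default fallback chain (environment variables, managed identity, shared token cache, developer-tool credentials) happens to succeed first, and nothing in the code records which one is expected; the deployment.yaml in this same diff suggests the intended leg in-cluster is the aad-pod-identity managed identity. If the broad chain is kept for local development convenience, a comment makes the contract explicit, e.g. `# Token source: in-cluster this should resolve to the aad-pod-identity managed identity (see deployment.yaml); other chain legs are for local dev only`. Otherwise narrow it, either by constructing the managed-identity credential directly or by disabling the unused legs through `DefaultAzureCredential`'s `exclude_*_credential` keyword options, so an unexpected credential on the node cannot silently become the identity the controller uses. `__init__` begins before this hunk.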