diff --git a/vault/README.md b/vault/README.md
index 8175fdd..0d55a87 100644
--- a/vault/README.md
+++ b/vault/README.md
@@ -36,24 +36,6 @@ module "vault" {
 }
 ```
 
-### Configure Vault integration and automatically fetch secrets from Vault
-
-Configure Vault integration and automatically fetch secrets from Vault and inject them into the workspace environment. This works by specifying the `secrets` variable with a list of secrets paths and keys to fetch from Vault. Multiple secrets can be specified by using a map of secret paths to a list of keys to fetch from each secret. For more information, see the [Vault documentation](https://www.vaultproject.io/api-docs/secret/kv/kv-v2#read-secret-version).
-
-````hcl
-For more information, see the [Vault documentation](https://www.vaultproject.io/docs/secrets/kv/kv-v2).
-
-```hcl
-module "vault" {
- source = "https://registry.coder.com/modules/vault"
- vault_addr = "https://vault.example.com"
- secrets = {
- "secret/data/foo" = ["FOO", "BAR"]
- "secret/data/bar" = ["BAZ"]
- }
-}
-````
-
 ### Configure Vault integration and install a specific version of the Vault CLI
 
 ```hcl
diff --git a/vault/main.tf b/vault/main.tf
index 1cb11ab..df94ec2 100644
--- a/vault/main.tf
+++ b/vault/main.tf
@@ -26,25 +26,6 @@ variable "vault_auth_id" { default = "vault" } -variable "secrets" { - type = map(object({ secrets = list(string), file = string })) - description = <> ~/.config/fish/config.fish fi - - - -# Skip fetching secrets if SECRETS is {} -if [ "${SECRETS}" = "{}" ]; then - exit 0 -fi - -printf "🔍 Fetching secrets ...\n\n" -for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do - formatted_key=$(echo "$${key}" | tr '_' '/') - secrets=$(echo "${SECRETS}" | jq -r ".$${key}.secrets[]") - file=$(echo "${SECRETS}" | jq -r ".$${key}.file") - printf "Fetching secrets from $${formatted_key} ...\n" - for secret in $${secrets}; do - value=$(vault kv get -format=json $${formatted_key} | jq -r ".data.data.$${secret}") - # create directory if it doesn't exist - mkdir -p $(dirname $${file}) - printf "$${secret}=$${value}\n" >> $${file} - done - printf "\n" -done -