diff --git a/pkg/common/common.go b/pkg/common/common.go
index 97e1394..d13ce8a 100644
--- a/pkg/common/common.go
+++ b/pkg/common/common.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2024 Cisco
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/common/config.go b/pkg/common/config.go
index fabc66b..4262a5e 100644
--- a/pkg/common/config.go
+++ b/pkg/common/config.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Cisco
+// Copyright © 2024 Cisco
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/provider/bao/client_logger.go b/pkg/provider/bao/client_logger.go
index 8fad68d..91c99d7 100644
--- a/pkg/provider/bao/client_logger.go
+++ b/pkg/provider/bao/client_logger.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Bank-Vaults Maintainers
+// Copyright © 2024 Cisco
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/provider/bao/config.go b/pkg/provider/bao/config.go
index bd700f2..8620580 100644
--- a/pkg/provider/bao/config.go
+++ b/pkg/provider/bao/config.go
@@ -1,4 +1,4 @@
-// Copyright © 2021 Banzai Cloud
+// Copyright © 2024 Cisco
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/pkg/webhook/configmap.go b/pkg/webhook/configmap.go
index 2cebf18..fdf3389 100644
--- a/pkg/webhook/configmap.go
+++ b/pkg/webhook/configmap.go
@@ -27,13 +27,13 @@ import (
 "github.com/bank-vaults/secrets-webhook/pkg/provider/vault"
 )
-func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap, configs []interface{}) error {
+func (mw *MutatingWebhook) MutateConfigMap(configMap *corev1.ConfigMap) error {
 // do an early exit if no mutation is needed
 if !configMapNeedsMutation(configMap) {
 return nil
 }
-for _, config := range configs {
+for _, config := range mw.providerConfigs {
 switch providerConfig := config.(type) {
 case vault.Config:
 currentlyUsedProvider = vault.ProviderName
diff --git a/pkg/webhook/object.go b/pkg/webhook/object.go
index 8cc03db..f21a9ea 100644
--- a/pkg/webhook/object.go
+++ b/pkg/webhook/object.go
@@ -81,10 +81,10 @@ func sliceIterator(s []interface{}) iterator {
 return c
 }
-func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured, configs []interface{}) error {
+func (mw *MutatingWebhook) MutateObject(object *unstructured.Unstructured) error {
 mw.logger.Debug(fmt.Sprintf("mutating object: %s.%s", object.GetNamespace(), object.GetName()))
-for _, config := range configs {
+for _, config := range mw.providerConfigs {
 switch providerConfig := config.(type) {
 case vault.Config:
 currentlyUsedProvider = vault.ProviderName
diff --git a/pkg/webhook/pod.go b/pkg/webhook/pod.go
index ab32557..101d5ff 100644
--- a/pkg/webhook/pod.go
+++ b/pkg/webhook/pod.go
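Review bot: Reading `mw.providerConfigs` in MutateConfigMap here (and in MutateObject in the next hunk) turns a per-request value into state on the shared receiver; if one `*MutatingWebhook` serves concurrent admission requests, as an HTTP handler normally does, the `mw.providerConfigs = configs` write in SecretsMutator (webhook.go) races with these reads and a request can be mutated with provider configs parsed from a different object's annotations. That is a `-race` failure and, because those configs decide which Vault/Bao address, role and paths are used, a config mix-up between unrelated workloads. The same reads appear in pod.go and secret.go; MutateConfigMap's body continues past this hunk. Keeping `configs []interface{}` as an explicit parameter (the removed signatures) is the simplest fix; if a field is preferred for the mutators, derive a per-request value in SecretsMutator instead of assigning through the pointer, `req := *mw` then `req.providerConfigs = configs`, and dispatch on `req`. The pre-existing package-level `currentlyUsedProvider` assigned on the last line has the same shape and deserves the same treatment.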
@@ -35,10 +35,10 @@ import (
 const SecretInitVolumeName = "secret-init"
-func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, webhookConfig common.Config, secretInitConfig common.SecretInitConfig, dryRun bool, configs []interface{}) error {
+func (mw *MutatingWebhook) MutatePod(ctx context.Context, pod *corev1.Pod, webhookConfig common.Config, secretInitConfig common.SecretInitConfig, dryRun bool) error {
 mw.logger.Debug("Successfully connected to the API")
-for _, config := range configs {
+for _, config := range mw.providerConfigs {
 switch providerConfig := config.(type) {
 case vault.Config:
 currentlyUsedProvider = vault.ProviderName
diff --git a/pkg/webhook/pod_test.go b/pkg/webhook/pod_test.go
index a1dc969..294f3fc 100644
--- a/pkg/webhook/pod_test.go
+++ b/pkg/webhook/pod_test.go
@@ -1800,8 +1800,9 @@ func Test_mutatingWebhook_mutatePod(t *testing.T) {
 t.Errorf("parseProviderConfigs() error = %v, wantErr %v", err, ttp.wantErr)
 return
 }
+mw.providerConfigs = providerConfigs
-err = mw.MutatePod(context.Background(), ttp.args.pod, ttp.args.webhookConfig, ttp.args.secretInitConfig, false, providerConfigs)
+err = mw.MutatePod(context.Background(), ttp.args.pod, ttp.args.webhookConfig, ttp.args.secretInitConfig, false)
 if (err != nil) != ttp.wantErr {
 t.Errorf("MutatingWebhook.MutatePod() error = %v, wantErr %v", err, ttp.wantErr)
 return
diff --git a/pkg/webhook/secret.go b/pkg/webhook/secret.go
index a880395..5ae60f6 100644
--- a/pkg/webhook/secret.go
+++ b/pkg/webhook/secret.go
@@ -55,8 +55,8 @@ type dockerAuthConfig struct {
 RegistryToken string `json:"registrytoken,omitempty"`
 }
-func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret, configs []interface{}) error {
-for _, config := range configs {
+func (mw *MutatingWebhook) MutateSecret(secret *corev1.Secret) error {
+for _, config := range mw.providerConfigs {
 switch providerConfig := config.(type) {
 case vault.Config:
 currentlyUsedProvider = vault.ProviderName
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
index b8113a6..61ef2ea 100644
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -51,10 +51,11 @@ import (
 var currentlyUsedProvider string
 type MutatingWebhook struct {
-k8sClient kubernetes.Interface
-namespace string
-registry ImageRegistry
-logger *slog.Logger
+k8sClient kubernetes.Interface
+namespace string
+registry ImageRegistry
+logger *slog.Logger
+providerConfigs []interface{}
 }
 func (mw *MutatingWebhook) SecretsMutator(ctx context.Context, ar *model.AdmissionReview, obj metav1.Object) (*mutating.MutatorResult, error) {
@@ -69,19 +70,20 @@ func (mw *MutatingWebhook) SecretsMutator(ctx context.Context, ar *model.Admissi
 if err != nil {
 return nil, fmt.Errorf("failed to parse provider configs: %w", err)
 }
+mw.providerConfigs = configs
 switch v := obj.(type) {
 case *corev1.Pod:
-return &mutating.MutatorResult{MutatedObject: v}, mw.MutatePod(ctx, v, webhookConfig, secretInitConfig, ar.DryRun, configs)
+return &mutating.MutatorResult{MutatedObject: v}, mw.MutatePod(ctx, v, webhookConfig, secretInitConfig, ar.DryRun)
 case *corev1.Secret:
-return &mutating.MutatorResult{MutatedObject: v}, mw.MutateSecret(v, configs)
+return &mutating.MutatorResult{MutatedObject: v}, mw.MutateSecret(v)
 case *corev1.ConfigMap:
-return &mutating.MutatorResult{MutatedObject: v}, mw.MutateConfigMap(v, configs)
+return &mutating.MutatorResult{MutatedObject: v}, mw.MutateConfigMap(v)
 case *unstructured.Unstructured:
-return &mutating.MutatorResult{MutatedObject: v}, mw.MutateObject(v, configs)
+return &mutating.MutatorResult{MutatedObject: v}, mw.MutateObject(v)
 default:
 return &mutating.MutatorResult{}, nil
@@ -248,11 +250,18 @@ func parseProviderConfigs(obj metav1.Object, ar *model.AdmissionReview, provider
 for _, providerName := range providers {
 switch providerName {
 case vaultprov.ProviderName:
-vaultConfig, err := vaultprov.ParseConfig(obj, ar)
+config, err := vaultprov.ParseConfig(obj, ar)
 if err != nil {
 return nil, errors.Wrap(err, "failed to parse vault config")
 }
-configs = append(configs, vaultConfig)
+configs = append(configs, config)
+
+case baoprov.ProviderName:
+config, err := baoprov.ParseConfig(obj, ar)
+if err != nil {
+return nil, errors.Wrap(err, "failed to parse bao config")
+}
+configs = append(configs, config)
 default:
 return nil, errors.Errorf("unknown provider: %s", providerName)