Consul Template Plugin
Introduction
Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.
The following figure depicts Consul Template fetching secrets from Akeyless Vault:
Prerequisites
- Set the Akeyless Vault URL in the VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
- Configure the authentication token that Consul Template uses to fetch secrets from Akeyless Vault.
Set your Akeyless token in ~/.vault-token
Supported tokens:
- Permanent token in the following structure: Access-ID + ".." + Access-Key, for example p-jjdbbkbd..njRThf894chsBXnuh
- Akeyless temporary API token (read more here). This is the recommended and more secure method. For token rotation, please read more here.
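The token file is a credential at rest on the host that runs Consul Template, so its file mode and the kind of token it holds are worth checking before the first run. The following audit script is an added example, not part of the Akeyless documentation; the function names are hypothetical, and it assumes that any non-empty token without the ".." separator is a temporary token.

```shell
#!/usr/bin/env bash
# Added example: audit the token file Consul Template reads.
# classify_token, file_mode and audit_token_file are hypothetical helper names.
# Usage: audit_token_file [path]   (default: ~/.vault-token)

# Permanent tokens have the structure Access-ID + ".." + Access-Key.
# Assumption: a non-empty token without ".." is a temporary API token.
classify_token() {
  case "$1" in
    "")     echo "empty" ;;
    ?*..?*) echo "permanent" ;;
    *)      echo "temporary" ;;
  esac
}

# Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 = acceptable, 1 = finding, 2 = file missing.
# Never prints the token itself.
audit_token_file() {
  local file="${1:-$HOME/.vault-token}" mode kind status=0
  if [ ! -f "$file" ]; then
    echo "MISSING: $file"
    return 2
  fi
  mode=$(file_mode "$file")
  # Any group/other bit lets other local accounts read the credential.
  case "$mode" in
    ?00) echo "OK: mode $mode" ;;
    *)   echo "FAIL: mode $mode, fix with: chmod 600 $file"; status=1 ;;
  esac
  kind=$(classify_token "$(tr -d '[:space:]' < "$file")")
  case "$kind" in
    empty)     echo "FAIL: token file is empty"; status=1 ;;
    permanent) echo "WARN: permanent Access-ID..Access-Key token; a temporary token is recommended" ;;
    temporary) echo "OK: no permanent access key stored" ;;
  esac
  return "$status"
}
```

A permanent token produces a warning rather than a failure because it is a supported token type; only a readable-by-others or empty file makes the audit return non-zero.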
Configuring Consul Template Plugin
- Create a secret in Akeyless Vault that you can then use in Consul Template. You can do this using the CLI (to learn more about how to use the Akeyless CLI, please read here) or the UI.
CLI
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'
UI
Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.
- Write to a template:
{{ with secret "secret/data/my-app/production" }}
adapter: xyzt
xyzt_your_secret_name: {{.Data.data.your_secret_name}}
xyzt_your_secret_value: {{.Data.data.your_secret_value}}
{{ end }}
This example combines the existing functionality of watching a key in Consul with the new vault function, which queries an Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.
- Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt
adapter: xyzt
your_secret_name: abcd
your_secret_value: 1234
Configuring Consul Template with Akeyless-Gateway
For zero-trust secrets, configure Akeyless Gateway and set VAULT_ADDR to your private Akeyless-GW:
export VAULT_ADDR=https://your-akeyless-gw.com:8200
The following figure depicts Consul Template fetching secrets from Akeyless Vault through Akeyless-GW: