Consul Template Plugin
Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.
Prerequisites
- Set the Akeyless URL in the
VAULT_ADDR
environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
- You'll need to configure the authentication token that Consul Template would use to fetch secrets from the Akeyless Platform.
Set your Akeyless token in a file~/.vault-token
You can either use Akelyess API Key in the following format as your Token:
A concatenation of your Access ID
and your Access Key
with two dots as a delimiter:
< Access ID >..< Access Key >
, For example:p-jjdbbkbd..njRThf894chsBXnuh
Alternatively, to extract your authorization tokens directly using the Akelyess CLI auth
command :
akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}'>> ~/.vault-token
Configuring Consul Template Plugin
- Create a secret in Akeyless that you can further use in Consul Template:
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'
Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.
- Write to a template:
{{ with secret "secret/data/my-app/production" }}
adapter: xyzt
xyzt_your_secret_name: {{.Data.data.your_secret_name}}
xyzt_your_secret_value: {{.Data.data.your_secret_value}}
{{ end }}
This example combines existing functionality of watching a key in Consul and the new vault function which queries a Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.
- Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt
adapter: xyzt
your_secret_name: abcd
your_secret_value: 1234
Configuring Consul Template with Akeyless-Gateway
For Zero-Knowledge please configure Akeyless Gateway and set
VAULT_ADDR
to your private GW:
export VAULT_ADDR=https://your-akeyless-gw:8200
Updated 5 months ago