Consul Template Plugin

Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless allows users seamlessly to integrate secret data into the configurations.



Akeyless developed API compatibility with Hashicorp Vault OSS, enabling the use of Vault OSS community plugins for both Static & Dynamic Secrets, you can find more information here


  1. Set the Akeyless URL in the VAULT_ADDR environment variable:
export VAULT_ADDR=
  1. You'll need to configure the authentication token that Consul Template would use to fetch secrets from Akeyless Platform. Set your Akeyless token in a file ~/.vault-token

You can either use Akelyess API Key in the following format as your Token:
A concatenation of your Access ID and your Access Key with two dots as a delimiter: < Access ID >..< Access Key >, For example:p-xxxxx..accessKey

Alternatively, to extract your authorization tokens directly using the Akelyess CLI auth command :

akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}'>> ~/.vault-token

Configuring Consul Template Plugin

  1. Create a secret in Akeyless that you can further use in the Consul Template:
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'

Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.

  1. Write to a template:
{{ with secret "secret/data/my-app/production" }}
 		adapter: xyzt 
    xyzt_your_secret_name: {{}}
    xyzt_your_secret_value: {{}}
{{ end }}

This example combines the existing functionality of watching a key in Consul and the new function that queries Akeyless Platform for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.

  1. Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt

    adapter: xyzt
    your_secret_name: abcd
    your_secret_value: 1234



Configuring Consul Template with Akeyless Gateway - For Zero-Knowledge please configure Akeyless Gateway and set VAULT_ADDR to your private Akeyless Gateway:
export VAULT_ADDR=https://Your-Akeyless-Gateway:8200