Consul Template Plugin

Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.


  1. Set akeyless-vault url in: VAULT_ADDR environment variable:
export VAULT_ADDR=
  1. Now, you'll need to configure the authentication token that would be used by Consul Template to fetch secrets from Akeyless Vault
    Set your Akeyless token in ~/.vault-token
    Supported tokens:
  • Permanent token in the following structure: Access-ID+”..”+Access-Key, in example p-jjdbbkbd..njRThf894chsBXnuh
  • Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here.

Configuring Consul Template Plugin

  1. Create a secret in Akeyless Vault that you can further use in Consul Template. You can do this using CLI (to learn more about how to use Akeyless CLI, please read here) or UI.
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'



Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.

  1. Write to a template:
{{ with secret "secret/data/my-app/production" }}
        adapter: xyzt 
    xyzt_your_secret_name: {{}}
    xyzt_your_secret_value: {{}}
{{ end }}

This example combines existing functionality of watching a key in Consul and the new vault function which queries a Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.

  1. Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt

    adapter: xyzt
    your_secret_name: abcd
    your_secret_value: 1234


Configuring Consul Template with Akeyless-Gateway

For Zero-Knowledge please configure Akeyless Gateway and set VAULT_ADDR to your private GW:
export VAULT_ADDR=https://your-akeyless-gw:8200

Did this page help you?