Consul Template Plugin

Suggest Edits

Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.

Prerequisites

  1. Set the Akeyless URL in the VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
  1. You'll need to configure the authentication token that Consul Template would use to fetch secrets from the Akeyless Platform.
    Set your Akeyless token in a file ~/.vault-token

You can either use Akelyess API Key in the following format as your Token:
A concatenation of your Access ID and your Access Key with two dots as a delimiter:
< Access ID >..< Access Key >, For example:p-jjdbbkbd..njRThf894chsBXnuh

Alternatively, to extract your authorization tokens directly using the Akelyess CLI auth command : 

akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}'>> ~/.vault-token

Configuring Consul Template Plugin

  1. Create a secret in Akeyless that you can further use in Consul Template:
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'

Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.

  1. Write to a template:
{{ with secret "secret/data/my-app/production" }}
        adapter: xyzt 
    xyzt_your_secret_name: {{.Data.data.your_secret_name}}
    xyzt_your_secret_value: {{.Data.data.your_secret_value}}
{{ end }}

This example combines existing functionality of watching a key in Consul and the new vault function which queries a Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.

  1. Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt

    adapter: xyzt
    your_secret_name: abcd
    your_secret_value: 1234

📘

Configuring Consul Template with Akeyless-Gateway

For Zero-Knowledge please configure Akeyless Gateway and set VAULT_ADDR to your private GW:
export VAULT_ADDR=https://your-akeyless-gw:8200

Updated 5 months ago