Consul Template Plugin

Suggest Edits

Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.

👍

Note

Akeyless developed API compatibility with Hashicorp Vault OSS, enabling the use of Vault OSS community plugins for both Static & Dynamic Secrets, you can find more information here

Prerequisites

  1. Set the Akeyless URL in the VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
  1. You'll need to configure the authentication token that Consul Template would use to fetch secrets from the Akeyless Platform.
    Set your Akeyless token in a file ~/.vault-token

You can either use Akelyess API Key in the following format as your Token:
A concatenation of your Access ID and your Access Key with two dots as a delimiter:
< Access ID >..< Access Key >, For example:p-jjdbbkbd..njRThf894chsBXnuh

Alternatively, to extract your authorization tokens directly using the Akelyess CLI auth command : 

akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}'>> ~/.vault-token

Configuring Consul Template Plugin

  1. Create a secret in Akeyless that you can further use in Consul Template:
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'

Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.

  1. Write to a template:
{{ with secret "secret/data/my-app/production" }}
 		adapter: xyzt 
    xyzt_your_secret_name: {{.Data.data.your_secret_name}}
    xyzt_your_secret_value: {{.Data.data.your_secret_value}}
{{ end }}

This example combines existing functionality of watching a key in Consul and the new vault function which queries a Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.

  1. Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt

    adapter: xyzt
    your_secret_name: abcd
    your_secret_value: 1234

📘

Info

Configuring Consul Template with Akeyless Gateway - For Zero-Knowledge please configure Akeyless Gateway and set VAULT_ADDR to your private Akeyless Gateway:
export VAULT_ADDR=https://your-akeyless-gw:8200

Updated about 2 months ago