Consul Template Plugin

Suggest Edits

Introduction

Consul Template is a key tool for generating configurations and managing infrastructure. Consul Template is a standalone application that renders data from Consul onto the file system.
The integration with Akeyless Vault allows users to seamlessly integrate secret data into the configurations.

The following figure depicts secrets fetching from Consult Template to Akeyless Vault:

Prerequisites

  1. Set akeyless-vault url in: VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io

Example:

export VAULT_ADDR=https://hvp.akeyless.io
  1. Now, you'll need to configure the authentication token that would be used by Consul Template to fetch secrets from Akeyless Vault
    Set your Akeyless token in ~/.vault-token
    Supported tokens:
  • Permanent token in the following structure: Access-ID+”..”+Access-Key, in example p-jjdbbkbd..njRThf894chsBXnuh
  • Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here.

Configuring Consul Template Plugin

  1. Create a secret in Akeyless Vault that you can further use in Consul Template. You can do this using CLI (to learn more about how to use Akeyless CLI, please read here) or UI.
    CLI 
akeyless create-secret --name my-app/production --value '{"your_secret_value":"1234","your_secret_name":"abcd"}'

UI

Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations.

  1. Write to a template:
{{ with secret "secret/data/my-app/production" }}
        adapter: xyzt 
    xyzt_your_secret_name: {{.Data.data.your_secret_name}}
    xyzt_your_secret_value: {{.Data.data.your_secret_value}}
{{ end }}

This example combines existing functionality of watching a key in Consul and the new vault function which queries a Akeyless Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets.

  1. Execute the template
consul-template -template="my.tmpl:output.txt" -once -dry
> output.txt

    adapter: xyzt
    your_secret_name: abcd
    your_secret_value: 1234

📘

Configuring Consul Template with Akeyless-Gateway

For zero-trust secret please configure Akeyless Gateway and set VAULT_ADDR to your private Akeyless-GW:
export VAULT_ADDR=https://your-akeyless-gw.com:8200

The following figure depicts secrets fetching from Consult Template to Akeyless Vault with Akeyless-GW:

Updated 5 months ago