2

I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's service discovery.

This is the configuration doc regarding vault:

# This denotes the start of the configuration section for Vault. All values
# contained in this section pertain to Vault.
vault {
  # This is the address of the Vault leader. The protocol (http(s)) portion
  # of the address is required.
  address = "https://vault.service.consul:8200"

Is this a missing feature? Isn't it missing because I miss something like it's there and badly documented or that my approach misses something?

Now I am going to run a one-shot consul-template against consul to generate consul-template's vault config section before consul-template can really start.

Michuelnik
  • 3,260
  • 3
  • 18
  • 24
  • // , Why not just use the DNS interface to have consul-template fetch the active Vault servers from Consul? I mean, I suspect that for anything that Consul provides through its DNS interface, you can just put the relevant DNS in the template, right? – Nathan Basanese Jun 27 '18 at 20:51
  • @NathanBasanese: I should have included this in my question. I am asking this question because I wanted to avoid the integration efforts this would bring in my setup. (The template part is no problem, right.) – Michuelnik Jun 30 '18 at 18:26

0 Answers0