[ASK] Vault Agent vs Consul Template

Hi all,

If I want to render secret and pki (short lived) from vault server and use it to run nomad and or consul agent (in client mode) in an ec2 instance, what tools I need to use ?

from what I know we can use consul-template or vault agent, but I’m still confuse why the 2 tools exist with same function? can anyone enlightenment me?

any pros and cons about the 2 tools ?

Thanks in advance…

consul-template is just a markup language that renders output based on templates. It’s badly named. Any product can use it.

Vault agent, is an tool that can authenticate to Vault and keep your token and auth fresh for you. The agent also optionally exposes your valid token and/or allow you to use “consul-template” to render your secrets in a format that your application can consume easily. Without using consul-template you would have to modify your application/code to consume the secrets directly from Vault – which is good but not every application can be made Vault aware directly.

1 Like

Thanks for your tldr @aram

There is a official client side agent to render templates that is consul-template which sounds similar in functionality to Vault agent template rendering feature.
I would like to know what’s the difference between consul-template and Vault Agent template rendering.