I am just getting started with Consul via HCP. I’m trying to get a consul client to connect to the Consul cluster running on HCP. My issue at the moment is how to handle the ACL tokens. (As additional context, I’m using Terraform’s nomad_cluster module with install-consul and install-nomad).
I am curious about best practices for configuring the Consul client automatically.
The Consul HCP cluster is provisioned via Terraform. I am storing the consul_client_config and consul_ca_file in AWS Secrets Manager.
When the Consul client starts up, it pulls this consul_ca_file and consul_client_config from AWS Secrets Manager. This part works well. The part I am struggling with is how to automate the configuration of the agent ACL token.
I’ve taken a look at auto_config but I am struggling with seeing how to set that up with Consul HCP. I’ve also considered just creating the ACL token manually, then putting this in another AWS secret, which the client can also pull on boot.
Any guidance is much appreciated.