Consul-template: Disable Vault Integration

Good Morning,

I’m trying to start consul-template with an user loged into vault (the file ~/.vault-token exists), when that happens consul-template starts trying to request a token renewal from vault.
As I have not setted up vault on consul-template it cause warns on boths applications (consul-template and vault):

Sep 26 09:26:54 XXXXXX vault: 2019-09-26T09:26:54.272+0200 [INFO]  http: TLS handshake error from 127.0.0.1:52774: remote error: tls: bad certificate
Sep 26 09:26:56 XXXXXX consul-template: 2019/09/26 07:26:56.806353 [WARN] vault.token: failed to renew: Put https://127.0.0.1:8200/v1/auth/token/renew-self: x509: certificate signed by unknown authority
Sep 26 09:26:56 XXXXXX consul-template: 2019/09/26 07:26:56.806411 [WARN] vault.token: renewer done (maybe the lease expired)
Sep 26 09:26:56 XXXXXX vault: 2019-09-26T09:26:56.807+0200 [INFO]  http: TLS handshake error from 127.0.0.1:52778: remote error: tls: bad certificate

I’ve been reading the docs and I haven’t found the way to stop it unless I remove this file, is there another way to achieve that?

Have you tried adding the parameter -vault-renew-token=false when you launch consul-template?

2 Likes

If -vault-renew-token=false doesn’t work, you can use -vault-agent-token-file to override the filename it is using to get it to ignore your .vault-token file . You should be able to set it to an empty string or a non-existing file.

2 Likes