I have built a test environment for a Proof of Concept for the company I work for with Consul, Nomad and Vault (Hashistack).
I have everything working, but my main issue is how to consume kv1 secrets that I have created on Vault on Nomad job files. I’ve tried using nomad job description templates with consul-template syntax (
https://github.com/hashicorp/consul-template/blob/master/docs/templating-language.md#secret), and tested pretty much all the examples that we can find in the Nomad docs/tutorials pages.
I am trying to run the docker container (using driver docker) from a private repo. So I’m trying to use Vault to manage the password as a secret. I’ve already tested run the job hardcoding the credentials and it works, so the problem is consuming the secrets from Vault.
Also, I can read the secrets using vault command (eg: vault kv get) and with the API using curl.
Does anyone have a working example of a job description file consuming Vault secrets?
Is there a way to check if Nomad is correctly requesting secrets from Vault? I’ve tried to get logs from the allocations but it is never descriptive.