ENV Variables wiped when losing connection to Vault

Overview of our current Setup:

  • Apps Deployed on Nomad
  • Secrets Stored in Vault
  • Apps deployed using Waypoint

Currently, we are seeing if our vault token expires or goes down that the environment variables are getting updated via the waypoint entrypoint that then restarts the apps, and causes the apps to fail since without the expected environment variables.

Is there a setting that if we get a 403/500 ect from vault to just keep the stale credentials for the app or not reset the values? Unfortunate that currently an expired vault token will take down all of our applications.

Hi @rlandingham,

Happy to help figure out the best way forward for you. How are you configuring the vault config sourcer with a token? Are you specifying a static token or using auth_method?

Hey @evanphx,

Thanks for jumping in so quick. We are currently setting vault batch tokens like so:

waypoint config source-set -type=vault -config="addr=${VAULT_ADDR}" -config="token=<token>"