ENV Variables wiped when losing connection to Vault

rlandingham · July 29, 2022, 3:59pm

Overview of our current Setup:

Apps Deployed on Nomad
Secrets Stored in Vault
Apps deployed using Waypoint

Situation:
Currently, we are seeing if our vault token expires or goes down that the environment variables are getting updated via the waypoint entrypoint that then restarts the apps, and causes the apps to fail since without the expected environment variables.

Is there a setting that if we get a 403/500 ect from vault to just keep the stale credentials for the app or not reset the values? Unfortunate that currently an expired vault token will take down all of our applications.

evanphx · July 29, 2022, 4:09pm

Hi @rlandingham,

Happy to help figure out the best way forward for you. How are you configuring the vault config sourcer with a token? Are you specifying a static token or using auth_method?

dwanek · July 29, 2022, 5:07pm

Hey @evanphx,

Thanks for jumping in so quick. We are currently setting vault batch tokens like so:

waypoint config source-set -type=vault -config="addr=${VAULT_ADDR}" -config="token=<token>"