Envconsul secret extra formatting

Imagine we have a third-party app that accepts DB credentials variables of the following format only:

When using Vault DB secret backend and the following Envconsul config file:

upcase = true
secret {
  no_prefix = true
  path      = "db/creds/app"

  format    = "DB_{{ key }}"

we get the following variables populated to the app:

Is there any way to make Envconsul format environment variable name a bit further than ‘SOMETHING_{{ key }}’?

I’ve tried a couple of Consul template Helper functions but they does not seem to work in Envconsul (according to the code)

Or any workarounds?

Hey Pavel,

I can only think of a couple workarounds. The first would be to change the field in vault. The second is to wrap the command in a shell script that re-assigns the variables to the names you want before exec-ing it.

Envconsul only uses consul-templates config, process management and watcher code. It doesn’t use/import any of the template features (as you found out).

Hope this helps.

Thank you John.

Unfortunately the first option is not relevant in this particular case since Vault DB secret backend returns specific field names (username, password). And as far as I am concerned there’s no way to override these, please correct me if I am wrong.

Sorry about that, I am not familiar with all the Vault storage back-ends. I just double checked and yeah… I don’t see a way to customize that on the Vault side of things. I guess that just leaves the wrapper method at this point.

If that doesn’t work or can’t work you could file a feature request issue on github and we can talk about the possibilities there.