We have a TaskGroup with two or more tasks. One is responsible for generating certificates using an internal Certificate-gen client and storing them in the alloc/data directory. My other task (say Nginx) consumes these certs for TLS Termination. This setup works well, but given the sensitive nature of certs, we don’t want to display the certs/contents in the UI.
So, are there any options for sharing secrets like files between tasks in a group?
Hi @krundru, with ACLs enabled you should be able to craft ACL tokens for users without the permissions necessary for reading task directories / running commands in allocations.
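The kind of ACL policy the reply above describes, as an added example that is not part of the original thread: it grants job and log visibility but leaves out the capabilities that expose allocation directories and command execution. The namespace `default` and the policy name `dev-no-fs` are assumptions.

```hcl
# dev-no-fs.policy.hcl (hypothetical file and policy name, added example)
#
# Too broad for this use case: the coarse-grained "write" policy expands
# to a capability set that includes read-fs and alloc-exec, so any token
# carrying it can browse alloc/data or exec into the tasks.
#
# namespace "default" {
#   policy = "write"
# }

# Narrowed policy: list capabilities explicitly and omit the two that
# reach the allocation's files.
namespace "default" {
  capabilities = [
    "list-jobs", # see which jobs exist
    "read-job",  # inspect job specs and allocation status
    "read-logs", # stream task stdout/stderr
    # "read-fs" is deliberately absent: without it the token cannot
    # list or read files in task or alloc directories via the UI/API.
    # "alloc-exec" is deliberately absent: without it the token cannot
    # run commands inside a task to read the files.
  ]
}

# Apply the policy and mint a token for it (run with a management token):
#   nomad acl policy apply dev-no-fs dev-no-fs.policy.hcl
#   nomad acl token create -name="developer" -policy=dev-no-fs
```

The `read-fs` capability applies to the whole namespace, so this hides every allocation file from the token holder rather than only the certificate files.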
It looks like there is no option in Nomad to share sensitive files between tasks, and the secret directory is tightly coupled with HashiCorp tools.
We need to have a direct secret directory on the parent alloc, and it should be hidden from the UI/API like the task-level secret folder.
ACLs can only hide the entire FS, not a specific file, and hiding the file system can result in a poor developer experience.