Hi,
I’ve been looking through the docs for Vault AppRole and noticed in the tutorial page (AppRole Pull Authentication | Vault - HashiCorp Learn) for steps 6, 7, and 8 it mentions using Nomad as a trusted entity to obtain and deliver the wrapped SecretID. However, I am having trouble finding any documentation detailing how it could potentially be done…
How would one reasonably obtain the wrapped SecretID to be delivered into the workload itself using Nomad here? I am assuming it would be through some usage of the Consul templates in the template stanza for that job definition? Or would it be some out-of-band process?
2 Likes
I am looking for the same. Were you able to locate any documentation on or figure out how to do this?
From memory I don’t think I managed to figure it out in the end…
At the time I was working on building a GitLab CI/CD runner in Nomad and from memory got it kinda working by using the Vault CLI within my custom runner to provide the wrapped SecretID. However, I did not like that method very much and ended up moving away from this to use JWT job tokens in the runners. As it currently stands, I still don’t have a reasonable way of getting these wrapped SecretIDs in Nomad.
Since this thread has revived a little, there may be a chance someone else knows and sees this.