How to use raw data from vault

I’m trying to add the vault PKI CA cert to ca-certificates.crt on my hosts so they trust the vault generated certs.

I’m using this template:

{{ with secret "pki/ca/pem" }}
{{ . }}
{{ end }}

However I get this error: 2020/02/27 20:08:54.607664 [WARN] (view) vault.read(pki/ca/pem): vault.read(pki/ca/pem): invalid character '-' in numeric literal (retry attempt 1 after "250ms")

I’m guessing that it’s expecting the normal vault data structure back from the API call, however that endoint returns a raw PEM file so the JSON decode is failing.

Is there a way to get consul-template to not try to decode raw data?

It’s a little annoying that vault is inconsistent like this.

Thanks!

-brian

Why don’t you use vault agent template instead? https://www.vaultproject.io/docs/agent/template/

Or maybe I understood something wrong from your consul-template comment… :thinking:

Reading that page and looking at the examples it appears as though I’ll have the same issue. It’s expecting the fetched data to be a JSON document and in the case of pki/ca/pem it doesn’t return JSON.