Trying to inject sercets from vault to job.
Followed the docs and added template with a line {{with secret nomad/test}}. On running this fails by giving error secret function not defined.
Any idea what might be going wrong? Updated nomad and vault to latest versions as well.
Hi. You have to be more specific. Show your job, your commands, your error.
what might be going wrong?
What you have written in your Nomad job specification might be wrong. Show your Nomad job specification.
On running this fails by giving error secret function not defined.
What is the exact full verbatim unmodified message that you are getting? Where are you getting the message?
On server.hcl, I added following block:
vault {
enabled = true
address = "address-of-vault"
token = "token-generated-for-policy-used-in-job"
}
and here’s the job file:
job "docs" {
datacenters = ["dc1"]
group "example" {
network {
port "http" {
static = "5678"
}
}
task "server" {
driver = "docker"
config {
image = "hashicorp/http-echo"
ports = ["http"]
args = [
"-listen",
":5678",
"-text",
"hello world",
]
}
template {
data = <<EOF
{{ with secret "vault-access/data/tokens" }}
VAULT_SECRET_URL="{{ .Data.data.vault_secret }}"
{{ end }}
EOF
destination = "secrets/vault.env"
env = true
}
service {
provider = "nomad"
}
vault {
policies = ["vault-tokens-policy"]
change_mode = "signal"
change_signal = "SIGHUP"
}
}
}
}
on running nomad run <job.hcl>, it breaks on the line 133 (where template is) by giving following error:
secret function not defined