At my job we had a forced migration to Nomad after using K8s/Helm successfully for awhile.
Our developers have been pretty unimpressed with the lack of tooling/paved roads into deploying Nomad applications. Particularly around the handling of environment variables and secrets. As mentioned, we used Helm which allows for config maps and has tight integration with Vault.
Nomad has a strange concept called dynamic environment variables to pull variables from Vault and Consul. These are different than regular environment variables (why?) and require awful template syntax for adding env vars from Consul/Vault. There is no way to lint or check syntax/values. I was expecting much better integration considering these are all HashiCorp products.
The other solutions involving JSON files, S3, importing via consul kv
are just insanity. Right now we have to paste environment variables back and forth between separate files, some in JSON format, some in the strange template HCL format. No concise syntax.
Is this really the best we have with Nomad for an environment variable/secret solution?