Nomad unable to retrieve secret from vault

arjunlibrian · September 20, 2022, 12:59am

Hello,
I am trying to use vault secrets in my nomad job file to set authentication for redis. I have a policy in vault with the read permission set. My consul template stanza look something like this:
template {
data = template {
data = <<EOH
{{ with secret “secret/data/db” }}
REDIS_PASSWORD=“{{ .Data.data.REDIS_PASS }}”
{{ end }}{{ end }}
EOH

    destination = "secrets/file.env"
    env         = true
  }

Job spec:
job “redis” {
datacenters = [“dc1”]
group “redis” {
count = 1
vault {
policies = [“nomad_redis”]
}
network {
mode = “host”
port “db” { to = 6379 }
}
task “redis” {
driver = “docker”
config {
image = “redis:6.2”
ports = [“db”]

    command = "redis-server"
    args    = ["/etc/redis.conf", "--requirepass","$REDIS_PASSWORD" ]

How do I pass the same variable name “REDIS_PASSWORD” from template as the arguments
?

jrasell · September 20, 2022, 8:16am

Hi @arjunlibrian,

You can use environment variable interpolation to inject the password into the args array. Your args array would end up looking like:

args = ["/etc/redis.conf", "--requirepass", "${env["REDIS_PASSWORD"]}" ]

Thanks,
jrasell and the Nomad team

Topic		Replies	Views
Consuming Vault Secret On Nomad Job Task Nomad vault	4	2061	April 8, 2021
Nomad Vault Integration Nomad vault	4	543	May 27, 2022
Trying to set up vault for secret management in cluster already running nomad an consult Nomad vault	0	293	August 16, 2022
Issue on passing vault secrets to nomad Nomad vault	0	243	March 20, 2023
How to pass Vault secrets to a docker container as arguments? Nomad testing	1	1553	October 6, 2021

Nomad unable to retrieve secret from vault

Related topics