Packer error when retrieving path / field from vault

Based on the documentation, I haven’t been able to figure out why I cannot retrieve a field.

This is the relevent segment in my packer build file (HCL)

locals {
  bucket_extension = vault("/dev/grey/aws/bucket_extension", "value")

You can see that its possible for me to retrieve the data from the field/key named ‘value’ at the path:

admin:~/environment/firehawk-main-rollout/firehawk-main/modules/deadline-db-ami ((c0a07d1...)) $ vault kv get -field=value /dev/grey/aws/bucket_extension

But in the same shell I cannot pull this data in the Packer build.

admin:~/environment/firehawk-main-rollout/firehawk-main/modules/deadline-db-ami ((c0a07d1...)) $ ./ 
Found bastion_ubuntu18_ami in manifest: PKR_VAR_bastion_ubuntu18_ami=ami-08583ca2aa0204e9e
Error: Error in function call

  on /home/ec2-user/environment/firehawk-main-rollout/firehawk-main/modules/deadline-db-ami/deadline-db.pkr.hcl line 44:
  (source code not available)

Call to function "vault" failed: Vault data was empty at the given path.
Warnings: Invalid path for a versioned K/V secrets engine. See the API docs for
the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv get'
for this operation..

Is the secret engine under the path /dev a versioned one? Meaning k/v version 2?

And if so, the path should be


for API calls (seems that Packer is using the API instead of the cli).

1 Like

Yes it is kv2, thanks for your reply @Wolfsrudel. I’ll try that out!

This worked out, thanks!

1 Like