I transformed my existing packer JSON to an HCL file using the “hcl2_upgrade” command. In the converted HCL file the following lines are added for the Vault variables:

could not parse template for following block: “template: hcl2_upgrade:4: function “vault” not defined”

variable “vcenter_admin” {
type = string
default = “{{vault kv/packer/ vc_username}}”
}

When run a packer build I’ve got the following error:

Error: render ‘password’: template: root:1:2: executing “root” at <vault kv/packer vc_password>: error calling vault: Vault vars are only allowed in the variables section in:

{{vault kv/packer vc_password}}

on w10-20h2.pkr.hcl line 125:
(source code not available)

Q: What do I need to change in my HCL file to make the Vault integration getting working again?

Does anyone have a suggestion?

I believe you need to use locals instead of input variables:

Thanks. Using locals did the trick.

As an addition, for people bumping into this issue after converting from json to hcl, that’s also because the syntax of the vault function is different between them, for example:

JSON: "{{ vault /infra/vsphere/data/packer password}}"
HCL: vault("/infra/vsphere/data/packer", "password")

As depicted here: vault - Functions - Configuration Language | Packer | HashiCorp Developer

The error log is a bit confusing, as it only say that we should use Vault in the variables section, and the only answer I could find is this one, hence my little addition to the original answer