Hey, I’ve got Vault working with Nomad. KVv2 stores need an extra item in the “with secret” section.
This:

```
{{ with secret "kv-v2/db" }}
POSTGRES_USER="{{ .Data.data.user }}"
{{ end }}
```

Should be like:

```
{{ with secret "kv-v2/data/db" }}
POSTGRES_USER="{{ .Data.data.user }}"
{{ end }}
```

Notice the “/data” between the mount point and the path.
Here’s the documentation on V1 vs V2 KV engines in the template docs: template Stanza - Job Specification | Nomad by HashiCorp
As noted, this also impacts the vault policies within Nomad.
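
The check described in the post above, as an added example that is not part of the original post: a small linter that finds `secret "..."` calls in a Nomad template that point at a KV v2 mount without the `/data/` segment, and prints the read policy for the corrected path. The mount set `KV2_MOUNTS`, the function names and the sample template are assumptions made for illustration.

```python
import re

# Assumption: the KV v2 mount points are known (e.g. from `vault secrets list -detailed`).
KV2_MOUNTS = {"kv-v2"}
# KV v2 API segments that may legitimately follow the mount point.
KV2_PREFIXES = ("data", "metadata", "delete", "undelete", "destroy")
# Captures the path argument of {{ secret "..." }} and {{ with secret "..." }}.
SECRET_CALL = re.compile(r'\{\{-?\s*(?:with\s+)?secret\s+"([^"]+)"')

def check_path(path, mounts=KV2_MOUNTS):
    """Return the corrected API path if a KV v2 path lacks its segment, else None."""
    # Longest mount first so a nested mount such as "team/kv" wins over "team".
    for mount in sorted(mounts, key=len, reverse=True):
        if path.startswith(mount + "/"):
            rest = path[len(mount) + 1:]
            # Caveat: a secret literally named "data" or "metadata" is not flagged.
            if rest.split("/", 1)[0] in KV2_PREFIXES:
                return None
            return f"{mount}/data/{rest}"
    return None  # not under a known KV v2 mount (e.g. KV v1)

def lint_template(text, mounts=KV2_MOUNTS):
    """Return (line_no, original, corrected) for every path missing /data/."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for path in SECRET_CALL.findall(line):
            fixed = check_path(path, mounts)
            if fixed:
                findings.append((no, path, fixed))
    return findings

def read_policy(api_path):
    """Vault policy stanza granting read on exactly one API path."""
    return f'path "{api_path}" {{\n  capabilities = ["read"]\n}}\n'

# Constructed sample template: the first block is wrong, the second is correct.
SAMPLE = '''{{ with secret "kv-v2/db" }}
POSTGRES_USER="{{ .Data.data.user }}"
{{ end }}
{{ with secret "kv-v2/data/cache" }}
REDIS_PASS="{{ .Data.data.pass }}"
{{ end }}
'''

if __name__ == "__main__":
    for no, old, new in lint_template(SAMPLE):
        print(f"line {no}: {old} -> {new}")
        print(read_policy(new))
```

The policy is emitted for the single corrected path rather than a wildcard on the mount, so the Nomad job's token can read only the secret its template references.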