I’m not sure what the best practice is for getting a token to Nomad when it’s running in a systemd service (without any platform integration, self-hosted infra). I can’t directly start it with an environment variable.
One of the examples puts the token into Consul, but that’s probably not something you should do in production.
Another option would be putting it into a file that gets picked up by systemd to inject the env variable.
While you could do those with a short-lived initial token, it doesn’t seem ideal.
Also, you have to get a new token every time the service restarts.
Any help would be appreciated.
I assume secure token wrt Vault?
I assume you would have seen this as well:
Yes, the Vault token for Nomad, sorry if that wasn’t clear.
I have seen that one, it doesn’t help. I want an automated (best practice) way of getting the initial token to Nomad.
In that example they put it in the config, which is not encouraged.
Right, so you create a file for environment variables. Do you have any idea what vault-si is?
That’s seemingly what’s supposed to create the token, but the install script is never called and there’s no URL in it
It could be deprecated and merged into the “normal” vault binary. Maybe a developer can explain it.
would need a developer for that