Template auth/token/create "metadata": '' expected a map, got 'string'

I want to create tokens with a template in vault agent.

It is working until I add the option for metadata.
Example:
VAULT_TOKEN={§ with secret "/auth/token/create" "policies=auth-role-nomad" "metadata={attr1=value}" "no_default_policy=true" "ttl=96h" §}{§ .Auth.ClientToken §}{§ end §}

The error:
Field validation failed: error converting input {attr1=value} for field "metadata": '' expected a map, got 'string'

I tried a lot of different formats but can’t find a working solution.

My question:
What is the right syntax in the template for an attribute of type map?

Regards
Thorsten

The secret function in consul-template (which implements the template processing that Vault agent uses) is not capable of submitting nested map values to the Vault API. The code, which can be seen here:

only supports string values.

It is not possible to use Vault agent, as currently written, to make this API call including metadata.

1 Like
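A simplified model of the behaviour described in the answer above, as an added example (not part of the thread and not consul-template's own code). `flatArgs`, `directBody` and `metadataIsMap` are hypothetical names; the argument values and the `metadata` field name are taken from the question and its error message.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Arguments from the template in the question (values copied from the post).
var sampleArgs = []string{"policies=auth-role-nomad", "metadata={attr1=value}", "no_default_policy=true", "ttl=96h"}

// flatArgs is a hypothetical, simplified model of key=value argument handling
// in which every value stays a plain string, as the answer describes.
func flatArgs(args []string) map[string]interface{} {
	data := map[string]interface{}{}
	for _, a := range args {
		if kv := strings.SplitN(a, "=", 2); len(kv) == 2 {
			data[kv[0]] = kv[1] // "{attr1=value}" is stored verbatim, never parsed
		}
	}
	return data
}

// directBody is the same request with "metadata" as a real nested map (client builds the JSON itself).
func directBody() map[string]interface{} {
	return map[string]interface{}{
		"policies":          "auth-role-nomad",
		"metadata":          map[string]string{"attr1": "value"},
		"no_default_policy": "true",
		"ttl":               "96h",
	}
}

// metadataIsMap marshals the body to JSON and reports whether "metadata"
// decodes as an object, the shape the field validation error asks for.
func metadataIsMap(body map[string]interface{}) bool {
	raw, _ := json.Marshal(body) // cannot fail for the string/map values used here
	var decoded map[string]interface{}
	if json.Unmarshal(raw, &decoded) != nil {
		return false
	}
	_, ok := decoded["metadata"].(map[string]interface{})
	return ok
}

func main() {
	fmt.Println("template-style metadata is a map:", metadataIsMap(flatArgs(sampleArgs)))
	fmt.Println("direct-body metadata is a map:  ", metadataIsMap(directBody()))
}
```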

Not the answer I expected but good to know that it is not working with a template.

Thanks for the fast answer.