I want to create tokens with a template in vault agent.
It is working until I add the option for metadata.
Example: VAULT_TOKEN={§ with secret "/auth/token/create" "policies=auth-role-nomad" "metadata={attr1=value}" "no_default_policy=true" "ttl=96h" §}{§ .Auth.ClientToken §}{§ end §}
The error: Field validation failed: error converting input {attr1=value} for field "metadata": '' expected a map, got 'string'
I tried a lot of different formats but can’t find a worklng solution.
My question: What is the right syntax in the template for an attribute of type map?
The secret function in consul-template (which implements the template processing that Vault agent uses) is not capable submitting nested map values to the Vault API. The code, which can be seen here:
only supports string values.
It is not possible to use Vault agent, as currently written, to make this API call including metadata.