Vault Process supervisor and template stanza

The new process supervisor mode for vault agent seems interesting, but I’m wondering : why is the template stanza incompatible with it (haven’t tested, but the doc mention it’s incompatible) ? I’d like to start using this to pass vault token to my Nomad servers, but I also need to obtain certificates (also from vault) for them. So, I’d need one template_env to render vault token as an env var passed to the child Nomad process, and some standard template stanza to render certificates as files. If this is not possible, I have to render vault token in a file (I can mitigate this by having vault agent wrap the token, and Nomad agent unwrap it on start, but having it directly as an env var would be even better)

1 Like

Hello. I’m also interested in running consul and nomad using vault agent to simplify their configuration and secret rotation. And this requires both configuration of templates and environment variables (for security). I hope this topic will not remain unanswered.