Vault with Consul - ACL token

Hi all,

Just a quick question on good practices/approaches really. I’m currently configuring an automated deployment of vault with a consul storage backend on EKS.

I’m using the helm charts to configure these but the whole thing is wrapped in ansible (to handle some secret creation and other bits and pieces). I’ve managed to get everything set up and working with all the ACLs, TLS etc… so I’m quite happy so far.

Unless I’m mistaken, there’s a point in the process where I need to configure a policy and token in consul to allow vault access to the key/value store. I’d like this process to be automated too if possible.

I’ve written a bash script to accomplish this (basically a series of kubectl exec XXXX statements executed during the ansible run) where the secret token is captured and set as an env var in the vault pods. I was wondering if there was a better approach here?

Thanks!
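An added example, not code from the original post, of one way to script the Consul side of this in bash: render the least-privilege Consul ACL rules the Vault consul storage backend needs, create the policy and token with `consul acl` via `kubectl exec` into a Consul server pod, and hand the token's SecretID to the Vault pods as a Kubernetes Secret rather than a bare environment variable. The pod name, namespace, policy and secret names, and the KV path prefix are assumptions, and the shell running `kubectl exec` is assumed to already carry a `CONSUL_HTTP_TOKEN` with `acl:write` into the pod.

```shell
#!/usr/bin/env bash
# Constructed example: least-privilege Consul ACL policy + token for Vault's
# consul storage backend, delivered to Kubernetes as a Secret.
set -euo pipefail

# Rules Vault needs. The key prefix must match `path` in Vault's
# storage "consul" stanza ("vault/" is the default and an assumption here).
vault_storage_policy() {
  local kv_path="${1:-vault/}"
  cat <<EOF
key_prefix "${kv_path}" {
  policy = "write"
}
node_prefix "" {
  policy = "read"
}
service "vault" {
  policy = "write"
}
agent_prefix "" {
  policy = "read"
}
session_prefix "" {
  policy = "write"
}
EOF
}

# Extract SecretID from `consul acl token create -format=json` output
# without depending on jq being present in the pod or on the runner.
secret_id_from_json() {
  sed -n 's/.*"SecretID": *"\([^"]*\)".*/\1/p'
}

# Create the policy and a token bound to it inside the Consul server pod
# (pod name is an assumption). Only the SecretID is printed to stdout.
create_vault_token() {
  local pod="$1" policy="vault-storage"
  vault_storage_policy | kubectl exec -i "$pod" -- \
    consul acl policy create -name "$policy" -rules - >/dev/null
  kubectl exec "$pod" -- consul acl token create \
    -description "vault consul storage backend" \
    -policy-name "$policy" -format=json | secret_id_from_json
}

# Store the token as a Secret (namespace/name are assumptions) so the Vault
# chart can mount it or reference it with secretKeyRef instead of a literal.
store_token_secret() {
  local token="$1" ns="${2:-vault}"
  kubectl -n "$ns" create secret generic consul-vault-token \
    --from-literal=token="$token" --dry-run=client -o yaml | kubectl apply -f -
}

# Usage: ./consul-vault-token.sh run consul-server-0
if [ "${1:-}" = "run" ]; then
  store_token_secret "$(create_vault_token "$2")"
fi
```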