consul-template and Consul dynamic secrets


Russell Roy

Nov 3, 2016, 12:22:50 PM
to Consul
I'm attempting to use CT to retrieve a dynamically generated Consul token from Vault and then use that as CT's token (if you follow my meaning.)

Here's my template:

token = "{{ with secret "consul/creds/ct" }}{{ .Data.token }}{{ end }}"

And the template config

template {
  source      = "./templates/token.hcl.ctmpl"
  destination = "./config/token.hcl"
  command     = "pkill -SIGHUP $PPID"
}



That.. kinda works... `token.hcl` is created ok, but when CT reloads, the secret is regenerated. Which defeats the whole point. This is supposed to be a one-time operation and then CT would (should) renew the lease on the token thereafter (that renewal on the dynamic secret is the real point of this exercise.)

Why should SIGHUP cause the secret to be re-retrieved?

Maybe I'm trying to get too fancy here.

- Russell

James Phillips

Dec 19, 2016, 5:24:06 PM
to consu...@googlegroups.com
For reference, this one made it into a feature request here -
https://github.com/hashicorp/consul-template/issues/733.