Inject secrets into Nomad job from vault - documentation issue


david goodine

Dec 19, 2019, 12:56:01 PM
to Nomad
The docs here show that an extra 'data' is needed in the secret path:

i.e., if the vault path is "secrets/application/backend" then the path used in the template in the job is "secrets/data/application/backend"

However, these docs do not show that:

Do these need to be updated?

Brian Lalor

Dec 19, 2019, 1:37:43 PM
to Nomad
The Vault path is going to depend on the type and version of the secret engine.  “secrets/application/backend” is an appropriate path if the backend mounted at “secrets” is a v1 key/value backend. But if that backend is using v2, retrieving a key uses “secrets/data/application/backend”.  https://www.vaultproject.io/docs/secrets/kv/index.html  The docs aren’t necessarily wrong, but they do make an unstated assumption about the configuration of the backend (perhaps because they were written before v2 came about).

— 
Brian Lalor
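
The v1/v2 difference described in the reply above, shown as a Nomad job fragment. This is an added example, not part of the original thread or of the Nomad docs. The mount name "secrets" and the secret path come from the thread; the job, group and task names, the image, the policy name "backend-read" and the field "password" are assumptions.

```hcl
# Added example. Assumed names: job/group/task "backend", policy
# "backend-read", secret field "password", placeholder image.
job "backend" {
  datacenters = ["dc1"]

  group "backend" {
    task "backend" {
      driver = "docker"

      config {
        image = "example/backend:1.0" # placeholder image
      }

      # The task's Vault token is limited to this policy (see bottom).
      vault {
        policies = ["backend-read"]
      }

      # KV v2 mount at "secrets": the API path carries an extra "data/"
      # segment, and the key/value pairs sit one level down in .Data.data.
      template {
        destination = "${NOMAD_SECRETS_DIR}/app.env"
        env         = true
        data        = <<EOT
{{ with secret "secrets/data/application/backend" }}
DB_PASSWORD={{ .Data.data.password }}
{{ end }}
EOT
      }

      # KV v1 mount at "secrets": no "data/" segment, fields directly
      # under .Data. The template body would instead be:
      #   {{ with secret "secrets/application/backend" }}
      #   DB_PASSWORD={{ .Data.password }}
      #   {{ end }}
    }
  }
}

# Vault policy "backend-read" for the KV v2 case. The policy path needs
# the same "data/" segment as the template, otherwise the read is denied.
#   path "secrets/data/application/backend" {
#     capabilities = ["read"]
#   }
# For KV v1 the policy path is "secrets/application/backend".
```

`vault kv get secrets/application/backend` works against either version because the CLI inserts `data/` itself for v2 mounts, which is why the path typed at the CLI and the path in the template differ.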


Shantanu Gadgil

Dec 19, 2019, 11:03:05 PM
to Nomad
I happened to be trying to set up Nomad + Vault for plain ol' static secrets and boy was it confusing as most of the guides and learn docs are old.

After quite a bit of googling and after piecing together things I finally got it working.

The Nomad docs just about mention the v2 kv thing in a single paragraph.

Also there are nuances around using the Vault storage backend (raft/consul) which you realize only later.

All in all, a learning experience, only as I got things working. If I hadn't got a working setup, I would have been very sad and depressed! ☺️☺️☺️