Secret function doesn't honour at-sign (@) to load file contents into an attribute #1489

tomwerneruk · 2021-07-01T19:32:43Z

Consul Template version

compiled from main @ commit 51401f3

Configuration

vault {
  address = "http://127.0.0.1:8200"
}

template {
  source      = "./in.tmpl"
  destination = "./out.cer"
}

{{ with secret "pki_int/sign/example-dot-com" "ttl=60s" "csr=@./MYCSR.csr" }}
{{ .Data.certificate }}
{{ end }}

Command

consul-template -template "in.tmpl:out.cer"
or
consul-template -config config.hcl

Expected behavior

The Vault convention of prefixing a file with an @ then causes the contents to be read and used as the value

Actual behavior

The string is used literally, passing the value '@./MYCSR.csr' to Vault, causing an HTTP 400

Steps to reproduce

Create a template and CSR as above
Configure Vault using https://learn.hashicorp.com/tutorials/vault/pki-engine?in=vault/secrets-management
Execute consul-template against Vault

The text was updated successfully, but these errors were encountered:

tomwerneruk mentioned this issue Jul 1, 2021

Add vault file handing to secret function #1490

Open

eikenb added enhancement hashicat-update-required Changes that need to be ported to hashicat vault Related to the Vault integration labels Jul 1, 2021

eikenb mentioned this issue Aug 31, 2022

use vault agent token when wrap_ttl is set #1636

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secret function doesn't honour at-sign (@) to load file contents into an attribute #1489

Secret function doesn't honour at-sign (@) to load file contents into an attribute #1489

tomwerneruk commented Jul 1, 2021

Secret function doesn't honour at-sign (@) to load file contents into an attribute #1489

Secret function doesn't honour at-sign (@) to load file contents into an attribute #1489

Comments

tomwerneruk commented Jul 1, 2021

Consul Template version

Configuration

Command

Expected behavior

Actual behavior

Steps to reproduce