mkam
commented
2 years ago Thanks for submitting this feature request! Wanted to point out that another alternative solution for setting the Consul token is to set it as an environment variable, either CONSUL_TOKEN or CONSUL_HTTP_TOKEN. If consul.token is not provided in the configuration, CTS will look at these two environment variables for the token.
This alternative doesn't solve the issue of not being able to load from Vault, but it would be a more secure solution than having it hardcoded in the configuration file.
Description
A clear and concise overview of the feature / enhancement.
Have the ability to dynamically load arguments into the consul block
For example, my token for consul is stored in Vault.. using vault provider i want to grab the token from vault.
consul { address = "192.168.86.70:8500" token = "{{ with secret \"secret/consul\" }}{{ .Data.data.token }}{{ end }}" }
Use Cases
Security perspective I want to store all my secrets in vault even the consul token.
Alternative Solutions
Current workaround is to have the token in clear text, which is not a good solution.