I have launched a Vault and enabled the Kubernetes auth method [this guide].
Following this guide, I have successfully created a file with a sample username/password pair in the etc/secrets/creds.txt file.
I also have a sample Python app that reads its credentials from the app/creds.txt path.
The concept is that the Dockerfile copies the Python code into the /app folder and then the creds.txt file is created dynamically by consul-template after the creds are retrieved from Vault.
The problem I encounter, however, is that when I try to instruct consul-template to create the creds.txt file in /app, it throws the following error:
2019/07/09 09:37:04.895212 [ERR] (cli) error rendering "(dynamic)" => "app/creds.txt": failed writing file: mkdir app: permission denied
Is there a way to bypass this restriction?
The configuration file for consul-template is the following:
vault {
  renew_token            = false
  vault_agent_token_file = "/home/vault/.vault-token"
  retry {
    backoff = "1s"
  }
}
template {
  # destination = "etc/secrets/creds.txt"
  destination = "app/creds.txt"
  contents = <<EOH
{{- with secret "secret/app/config" }}
username = {{ .Data.username }}
password = {{ .Data.password }}
{{ end }}
EOH
}
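
The error above reports `mkdir app`, a path relative to the working directory of the consul-template process. As an added example (not part of the original post and not consul-template's own code), the hypothetical `check_dest` helper below resolves a destination the same way and reports which existing directory the current user would need write access to.

```shell
#!/bin/sh
# Hypothetical helper (not part of consul-template): explain whether a
# template destination could be created by the current user.
# Usage: check_dest <destination> [working-dir]
check_dest() {
    dest=$1
    cwd=${2:-$PWD}

    # A destination without a leading "/" is resolved against the working
    # directory of the process, not against the filesystem root.
    case $dest in
        /*) abs=$dest ;;
        *)  abs=$cwd/$dest ;;
    esac

    # Walk up to the first ancestor that already exists. Missing parents
    # (such as "app" in the error message) would have to be created there.
    dir=$(dirname "$abs")
    while [ ! -d "$dir" ] && [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
    done

    # Creating an entry in a directory needs write and search permission on it.
    if [ -w "$dir" ] && [ -x "$dir" ]; then
        echo "ok: $abs (first existing ancestor $dir is writable)"
        return 0
    fi
    echo "denied: $abs (uid $(id -u) cannot write to $dir)"
    return 1
}
```

Run inside the consul-template container as the user the process runs as, `check_dest app/creds.txt` shows whether the relative path lands in a directory that user may write to.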