Cannot create credentials file in specific folder with consul-template

7/9/2019

I have launched a Vault and enabled the Kubernetes auth method [this guide].

Following this guide, I have successfully created a file with a sample username/password pair in the etc/secrets/creds.txt file.

I also have a sample Python app that reads its credentials from the app/creds.txt path.

The concept is that the Dockerfile copies the Python code into the /app folder, and then the creds.txt file is created dynamically by consul-template after the creds are retrieved from Vault.

The problem I encounter, however, is that when I try to instruct consul-template to create the creds.txt file in /app, it throws the following error:

2019/07/09 09:37:04.895212 [ERR] (cli) error rendering "(dynamic)" => "app/creds.txt": failed writing file: mkdir app: permission denied

Is there a way to bypass this restriction?

The configuration file for consul-template is the following:

vault {
  renew_token = false
  vault_agent_token_file = "/home/vault/.vault-token"
  retry {
    backoff = "1s"
  }
}

template {
  # destination = "etc/secrets/creds.txt"
  destination = "app/creds.txt"

  contents = <<EOH
  {{- with secret "secret/app/config" }}
  username = {{ .Data.username }}
  password = {{ .Data.password }}
  {{ end }}
  EOH

}
-- Kostas Demiris
consul-template
hashicorp-vault
kubernetes
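A diagnostic for the `mkdir app: permission denied` line above, as an added example that is not part of the original post: it reports where a template `destination` resolves to and whether the current user could create the missing directories. The function names are hypothetical, and it assumes it is run in the container as the same user and from the same working directory as consul-template.

```python
import os


def nearest_existing_ancestor(path):
    """Walk up from the file's directory until a directory that exists is found."""
    current = os.path.dirname(path)
    while not os.path.isdir(current):
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return current


def diagnose_destination(destination, cwd=None):
    """Describe where `destination` would be written and what must be created.

    A destination without a leading slash is resolved against the working
    directory of the process, so "app/creds.txt" and "/app/creds.txt" can
    point at different places.
    """
    cwd = cwd or os.getcwd()
    # os.path.join discards cwd when destination is already absolute.
    resolved = os.path.normpath(os.path.join(cwd, destination))
    ancestor = nearest_existing_ancestor(resolved)
    missing = os.path.relpath(os.path.dirname(resolved), ancestor)
    return {
        "relative": not os.path.isabs(destination),
        "resolved": resolved,
        "existing_ancestor": ancestor,
        # Directories that would need a mkdir before the file can be written.
        "must_create": [] if missing == "." else missing.split(os.sep),
        # Creating an entry needs write and search permission on the
        # ancestor; os.access checks this for the real uid/gid.
        "writable": os.access(ancestor, os.W_OK | os.X_OK),
    }


if __name__ == "__main__":
    # The two destinations from the configuration in the question.
    for dest in ("app/creds.txt", "etc/secrets/creds.txt"):
        report = diagnose_destination(dest)
        print(f"uid={os.getuid()} cwd={os.getcwd()} destination={dest}")
        for key, value in report.items():
            print(f"  {key}: {value}")
```

A report with `writable: False` and a non-empty `must_create` matches the failure in the log: the process would have to create a directory inside a parent it has no write permission on.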

0 Answers