Nomad
Use Vault in a job
Use a Vault namespace
This example job specifies to use the engineering
namespace in
Vault. The job authenticates to Vault using its workload identity with the
nomad-workloads
Vault role, reads the value at secret/foo, and fetches the
value for key bar
.
job "vault" {
group "demo" {
task "task" {
vault {
namespace = "engineering"
role = "nomad-workloads"
}
driver = "raw_exec"
config {
command = "/usr/bin/cat"
args = ["secrets/config.txt"]
}
template {
data = <<EOF
{{ with secret "secret/foo" }}
SOME_VAL={{.Data.bar}}
{{ end }}
EOF
destination = "secrets/config.txt"
}
}
}
}