Skip to main content

Using Vault with Consul Template

Apr 29 2015Seth Vargo

Today we announce first-class support for Vault in Consul Template. Consul Template is a key tool for generating configurations and managing infrastructure, and we believe that Vault is going to change the way organizations think about and manage their secret data. As such, we are building first-class support for Vault in Consul Template. This allows users to seamlessly integrate secret data into the configurations.

Last October we announced Consul Template, a standalone application that renders data from Consul onto the file system. Since then, Consul Template has grown to new scales and is one of our most popular Consul tools. Today we are excited to bring an amazing new feature to Consul Template - first class support for Vault.

Announced yesterday, Vault is HashiCorp's newest open source tool that provides a unified solution for secure key and secret management complete with in-transit encryption, key rolling, key revocation, and detailed audit logs.

»Demo

Consul Template's powerful abstraction and templating language are perfect for creating dynamic configurations. Using Consul Template with Vault will feel friendly and familiar:

---
production:{{with $secret := vault "secret/my-app/production" }}
	adapter: postgresql
	host: {{key "my-app/production/host"}}
	username: {{$secret.Data.username}}
	password: {{$secret.Data.password}}
{{end}}

This example combines existing functionality of watching a key in Consul and the new vault function which queries a Vault instance for a secret. Consul Template transparently handles the authentication, retrieval, and renewal of secrets. You can read more about the new Vault integration in Consul Template's GitHub repository.

»Conclusion

Consul Template has changed the way organizations manage service discovery and configuration. Vault has changed the way organizations manage keys and secrets in distributed systems. Together Consul Template and Vault can be the foundation for service discovery and service configuration in the modern datacenter. Since both Vault and Consul Template are open source, you can view the source code and discover just how the integration works. Please join me in welcoming the newest integration to Consul Template!

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

Anonymize RAG data in IBM Granite and Ollama using HCP Vault
June 05 2025 | Products & Technology
Anonymize RAG data in IBM Granite and Ollama using HCP Vault

Learn how to configure tokenization and masking with HCP Vault's transform secrets engine for data and pass it to IBM Granite, Ollama, and Open WebUI for RAG.

HashiCorp Vault and FIPS 140-3: Strengthening security and compliance
June 04 2025 | Products & Technology
HashiCorp Vault and FIPS 140-3: Strengthening security and compliance

HashiCorp Vault now supports FIPS 140-3, the latest NIST standard for cryptographic modules.

Vault Radar, Boundary transparent sessions, and more at HashiDays 2025
June 03 2025 | Products & Technology
Vault Radar, Boundary transparent sessions, and more at HashiDays 2025

New Security Lifecycle Management (SLM) features from HashiCorp Vault, Boundary, and Consul help organizations remediate and prevent secrets exposures, improve developer access experience, and improve service discovery.