github.com/hernad/nomad@v1.6.112/e2e/vaultsecrets/input/secrets.nomad (about)

     1  # Copyright (c) HashiCorp, Inc.
     2  # SPDX-License-Identifier: MPL-2.0
     3  
     4  job "secrets" {
     5    datacenters = ["dc1", "dc2"]
     6  
     7    constraint {
     8      attribute = "${attr.kernel.name}"
     9      value     = "linux"
    10    }
    11  
    12    group "group" {
    13  
    14      meta {
    15        test_deploy = "DEPLOYNUMBER"
    16      }
    17  
    18      task "task" {
    19  
    20        driver = "docker"
    21  
    22        config {
    23          image   = "busybox:1"
    24          command = "/bin/sh"
    25          args    = ["-c", "sleep 300"]
    26        }
    27  
    28        vault {
    29          policies = ["access-secrets-TESTID"]
    30        }
    31  
    32        template {
    33          data = <<EOT
    34  {{ with secret "pki-TESTID/issue/nomad" "common_name=nomad.service.consul" "ip_sans=127.0.0.1" }}
    35  {{- .Data.certificate -}}
    36  {{ end }}
    37  EOT
    38  
    39          destination = "${NOMAD_SECRETS_DIR}/certificate.crt"
    40          change_mode = "noop"
    41        }
    42  
    43        template {
    44          data = <<EOT
    45  SOME_SECRET={{ with secret "secrets-TESTID/data/myapp" }}{{- .Data.data.key -}}{{end}}
    46  EOT
    47  
    48          destination = "${NOMAD_SECRETS_DIR}/access.key"
    49        }
    50  
    51        resources {
    52          cpu    = 128
    53          memory = 64
    54        }
    55      }
    56  
    57    }
    58  }