John Eikenberry
John Eikenberry
I went simple with my change in CT and just added the unwrapTTL call to the VaultAgentTokenQuery. I'm going to give it more thought when I port it to hashicat...
Wait. That won't work as the token in the file is wrapped and the VaultAgentTokenQuery doesn't unwrap it either. I'm going to refactor a bit to add common SetToken wrapper...
Another refactoring done.
> Your latest commit isn't /quite/ right, since it will still result in the watcher attempting to unwrap the wrapped token, but the unwrap will fail because we've already unwrapped...
FYI... the docs were misleading and there is no differentiation. It always returns the same error whether provided with a already unwrapped token or garbage. Not surprising though. Deleting the...
Thinking about this I'm wondering why not just always try to unwrap a secret, use the returned secret if given otherwise just go on with the token as if it...
In my experiences audit logs are pure noise that you need to sift/filter for anything interesting. But.. there is the option already and we could just keep that to eliminate...
It'd be pretty easy to eliminate the additional check at startup, so it doesn't always try twice. Only need to have the VaultAgentTokenQuery skip updating the token on first use...
Hey @phemmer, thanks for taking the time to file this ticket. The behavior is as intended as each value being monitored separately and triggers the template when it gets a...
Hey @erolg, thanks for taking the time to file (no pun intended) this issue. The [file](https://github.com/hashicorp/consul-template#file) template function *only* reads/outputs the plain text of the file by design, it does...