Beta

HashiCorp Certified: Consul Associate Certification

Access the Consul KeyValue KV

Using envconsul

Envconsul is a lightweight HashiCorp tool that launches a subprocess to populate environment variables from data stored in Consul or Vault. You can run envconsul alongside your application—either on the host or inside a container—so your app reads configuration at startup without any code changes.

The image explains "envconsul," a tool that sets environment variables from Consul and Vault, simplifying application integration by eliminating the need for apps to read sensitive data from config files.

Why Use Envconsul?

  • Eliminates clear-text config files containing secrets
  • Works with both Consul KV and Vault secrets
  • Requires no modifications to application source code
  • Compatible with containers (Docker, Kubernetes) and bare-metal deployments

Note

Envconsul only needs network access to your Consul or Vault cluster. You don’t need a full Consul agent on every host if you use a remote Consul server.

Key Features

FeatureUse CaseExample
-prefixLoad all keys under a KV pathenvconsul -prefix db01 env
-secrets-pathRetrieve Vault secretsenvconsul -secrets-path secret/app
Dynamic refreshWatch for changes and update environment variablesenvconsul -watch -prefix config
Template renderingRender Consul templates to filesenvconsul -template template.ctmpl:.env

Example: Loading Database Configuration

First, write sample KV entries into Consul:

consul kv put db01/DB_ADDRESS 10.2.23.98
consul kv put db01/DB_PORT 3306
consul kv put db01/DB_MAX_CONNS 50

Then invoke envconsul with the -prefix flag to export all db01 keys:

envconsul -prefix db01 env

Output:

DB_ADDRESS=10.2.23.98
DB_PORT=3306
DB_MAX_CONNS=50

These variables will be set in the environment before your application launches, allowing it to read typical database settings (host, port, max connections) without embedding secrets in code or config files.

Warning

When running inside containers, ensure your orchestration platform passes through the envconsul‐set environment variables to your application process. Failing to do so will result in missing config at runtime.

Envconsul Workflow

  1. Schedule or start a container (Docker, Kubernetes) or launch on the host.
  2. Execute envconsul as the entrypoint or sidecar alongside your application.
  3. Envconsul queries Consul KV store (or Vault) for requested keys.
  4. Consul (or Vault) returns the secret values.
  5. Envconsul exports these key–value pairs as environment variables.
  6. Your application starts and reads the environment variables normally.

The image is a flowchart explaining the process of "envconsul," showing steps from container scheduling to application launch, with interactions with a Consul cluster for environment variable population.

Watch Video

Watch video content

Previous
Using Consul Watch to Monitor Changes
Next
Demo Using Envconsul to monitor Changes to Consul KV