HashiCorp Certified: Consul Associate Certification
Access the Consul KeyValue KV
Using envconsul
Envconsul is a lightweight HashiCorp tool that launches a subprocess to populate environment variables from data stored in Consul or Vault. You can run envconsul alongside your application—either on the host or inside a container—so your app reads configuration at startup without any code changes.
Why Use Envconsul?
- Eliminates clear-text config files containing secrets
- Works with both Consul KV and Vault secrets
- Requires no modifications to application source code
- Compatible with containers (Docker, Kubernetes) and bare-metal deployments
Note
Envconsul only needs network access to your Consul or Vault cluster. You don’t need a full Consul agent on every host if you use a remote Consul server.
Key Features
Feature | Use Case | Example |
---|---|---|
-prefix | Load all keys under a KV path | envconsul -prefix db01 env |
-secrets-path | Retrieve Vault secrets | envconsul -secrets-path secret/app |
Dynamic refresh | Watch for changes and update environment variables | envconsul -watch -prefix config |
Template rendering | Render Consul templates to files | envconsul -template template.ctmpl:.env |
Example: Loading Database Configuration
First, write sample KV entries into Consul:
consul kv put db01/DB_ADDRESS 10.2.23.98
consul kv put db01/DB_PORT 3306
consul kv put db01/DB_MAX_CONNS 50
Then invoke envconsul with the -prefix
flag to export all db01
keys:
envconsul -prefix db01 env
Output:
DB_ADDRESS=10.2.23.98
DB_PORT=3306
DB_MAX_CONNS=50
These variables will be set in the environment before your application launches, allowing it to read typical database settings (host, port, max connections) without embedding secrets in code or config files.
Warning
When running inside containers, ensure your orchestration platform passes through the envconsul‐set environment variables to your application process. Failing to do so will result in missing config at runtime.
Envconsul Workflow
- Schedule or start a container (Docker, Kubernetes) or launch on the host.
- Execute envconsul as the entrypoint or sidecar alongside your application.
- Envconsul queries Consul KV store (or Vault) for requested keys.
- Consul (or Vault) returns the secret values.
- Envconsul exports these key–value pairs as environment variables.
- Your application starts and reads the environment variables normally.
Links and References
Watch Video
Watch video content