I have a jobspec file with multiple tasks, one of which is a "poststop" task. To be able to inject secrets from Vault, I defined the vault stanza on the task group level. The main task runs fine. However, the poststop task fails with "Can't request Vault token for terminal allocation".

Any way to get around this problem, and inject a secret into the template of the poststop task?

My jobspec file:

```hcl
job "my-task" {
  group "my-task-group" {
    vault {
      policies = ["my-policy-name"]
      env      = true
    }

    task "main-task" {
      service {
        name = "my-service"
      }

      driver = "docker"
      user   = "root"

      config {
        image = "..."
        ...
      }

      template {
        data = <<EOF
{% raw %}{{with secret "secrets/data/foo/bar/my-secret-this-works-fine"}}{{.Data.data.my_secret}}{{end}}{% endraw %}
EOF
        destination = "local/works-fine.txt"
      }
    }

    task "task-that-fails" {
      lifecycle {
        hook    = "poststop"
        sidecar = false
      }

      driver = "exec"

      template {
        data = <<EOF
{% raw %}{{with secret "secrets/data/foo/bar/my-secret-this-fails"}}{{.Data.data.my_secret_fails}}{{end}}{% endraw %}
EOF
        destination = "local/will-fail.txt"
      }

      config {
        command = "bash"
        args    = ["..."]
      }
    }
  }
}
```