puppet-consul
How to access the secret_id of tokens
Using the provided example code to generate consul tokens for each host, there doesn't seem to be a way in puppet to access the randomly generated secret_id of the tokens for use in config files/etc. I would rather not have to pre-generate tokens and store in encrypted hiera for thousands of hosts.
I see someone else asked a similar question a while back #472 that didn't get answered.
What is the correct way to access the secret_id of a token created by a consul_token resource?
How to reproduce (e.g Puppet code you use)
consul_token { $facts['networking']['hostname']:
  accessor_id      => fqdn_uuid($facts['networking']['hostname']),
  policies_by_name => ["${facts['networking']['hostname']}"],
  acl_api_token    => $acl_api_token,
}
notify { 'test':
  message => "The secret is ${Consul_token[$facts['networking']['hostname']]['secret_id']}",
  require => Consul_token[$facts['networking']['hostname']],
}
What are you seeing
Notice: /Stage[main]/Consul::Acl::Agent/Notify[test]/message: defined 'message' as 'The secret is '
What behaviour did you expect instead
Notice: /Stage[main]/Consul::Acl::Agent/Notify[test]/message: defined 'message' as 'The secret is eac61c66-39dd-49ce-b63f-f21ae2b0c8d7'
Ran into this issue as well.
What I ended up doing was setting a Hiera value of '%{facts.networking.fqdn}.someLettersHereForSalt' and passing that into fqdn_uuid() as the secret_id for the token. This allowed me to encrypt just 1 value that would dynamically change based on server.
This way I could just set the agent token to the same lookup value and have things work while staying encrypted.
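A sketch of the workaround described in the comment above, added here as an example; it is not code from the commenter or from the puppet-consul project. The class name, the Hiera key and the `$agent_acl` hash are assumptions, and `secret_id` is used as a `consul_token` parameter as the comment describes.

```puppet
# Added example. Hypothetical profile class; names are assumptions.
#
# One encrypted Hiera value for the whole fleet (key name is hypothetical),
# interpolated per host as in the comment above:
#   profile::consul_agent_token::token_seed: "%{facts.networking.fqdn}.someLettersHereForSalt"
class profile::consul_agent_token (
  String $token_seed,     # resolved by automatic parameter lookup from Hiera
  String $acl_api_token,  # token with permission to manage ACL tokens
) {
  $hostname = $facts['networking']['hostname']

  # fqdn_uuid() is deterministic: the same seed always yields the same UUID,
  # so the value is known at catalog compile time and does not have to be
  # read back from the consul_token resource.
  $secret_id = fqdn_uuid($token_seed)

  consul_token { $hostname:
    accessor_id      => fqdn_uuid($hostname),
    secret_id        => $secret_id,
    policies_by_name => [$hostname],
    acl_api_token    => $acl_api_token,
  }

  # The same derived value is then available for the agent configuration.
  # Assumption: this hash is merged into the config_hash given to the
  # consul class; acl.tokens.agent is Consul's agent token setting.
  $agent_acl = {
    'acl' => {
      'tokens' => {
        'agent' => $secret_id,
      },
    },
  }
}
```

Because the secret is derived rather than random, anyone who learns the salt can compute the token for any host whose FQDN they know. The salt therefore needs the same protection and length as a fleet-wide credential, and changing it replaces every host's token at once.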