I’m wondering if I’m missing something here, but I recently connected my Concourse instance with HashiCorp Vault, and it seems like tasks are now very tightly coupled with secrets.
Before using a credential manager, my pipeline would pass values to a task file using a vars block. This allowed for renaming of values from the main pipeline to the task, thus allowing the task to be more generic.
    vars:
      access_key_id: ((special_user_access_key_id))
If I keep the same block above, but now use it with the credential store, I get an error when the task runs saying:
    Expected to find variables: special_user_access_key_id
If I delete the vars block and rename the expected interpolation in the task, it runs just fine. The problem, though, is, as mentioned at the start, that the task definition is now tightly coupled with secret credential names. For common tasks that might be run with different contexts (different teams), this makes things pretty difficult.
I’m hoping I’m just missing something. If so, can someone please point me in the right direction to get this sorted out?