# template

Template blocks configure the vHSM Agent to fetch secrets and render them into files. Each template uses [Consul Template syntax](https://developer.hashicorp.com/vault/docs/agent-and-proxy/agent/template?utm_source=chatgpt.com) to define what content is written. Multiple `template` stanzas can be specified to manage different files.

**Example**

```hcl
template {
  source      = "/etc/vhsm/templates/vhsm-token.ctmpl"
  destination = "/run/enclaive/vhsm-token.json"
}
```

**Parameters**

* **`source`** *(string, required if `contents` is not used)*\
  Path to a `.ctmpl` template file that defines how the secret should be rendered. Either `source` or `contents` must be specified.
* **`destination`** *(string, required)*\
  The file path where the rendered output will be written. This is mandatory for every template block.
* **`contents`** *(string, optional)*\
  An inline template definition written directly in the configuration file. Useful for small templates or when you don’t want to manage a separate `.ctmpl` file. Cannot be used at the same time as `source`.
* **`create_dest_dirs`** *(boolean, optional, default: `true`)*\
  Controls whether missing parent directories for the `destination` file are automatically created. If set to `false`, rendering fails if directories are missing.
* **`command`** *(string, optional)*\
  A command to execute after the template has been successfully rendered. This is often used to reload or restart an application so it can use the new secret.
* **`perms`** *(string, optional)*\
  File permission mode to apply to the rendered file, expressed in standard UNIX notation (e.g., `"0640"`).
* **`err_missing_key`** *(boolean, optional, default: `false`)*\
  Determines behavior when the template references a missing key. If `true`, rendering fails with an error. If `false`, the missing key renders as empty.
* **`left_delimiter` / `right_delimiter`** *(string, optional)*\
  Defines custom delimiters for template markers. Defaults are `{{` and `}}`. These are useful if the template content conflicts with another templating system that also uses curly braces.

#### Template File Example (`vhsm-token.ctmpl`)

```hcl
{{ with secret "auth/token/lookup-self" -}}
{
  "client_token": "{{ .Data.id }}",
  "ttl": "{{ .Data.ttl }}"
}
{{ end }}
```

This template queries the secret at `auth/token/lookup-self` and renders selected metadata fields into JSON. When combined with the `template` block above, the vHSM Agent writes the following output to `/run/enclaive/vhsm-token.json`:

```json
{
  "client_token": "hvs.XXXXXXXX",
  "ttl": "768h"
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/template.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.