2018-10-24 10:24:29 -04:00
---
2020-09-01 10:14:13 -05:00
layout: commands
2020-04-06 16:27:35 -04:00
page_title: 'Commands: ACL'
2023-01-26 12:42:13 -06:00
description: >-
2023-01-27 09:17:07 -06:00
The `consul acl` command exposes top-level commands for bootstrapping the ACL system, managing tokens and policies, and setting the tokens for use by an agent.
2018-10-24 10:24:29 -04:00
---
# Consul ACLs
Command: `consul acl`
The `acl` command is used to interact with Consul's ACLs via the command
line. It exposes top-level commands for bootstrapping the ACL system,
2023-01-27 09:17:07 -06:00
managing tokens and policies, and setting the
2018-10-24 10:24:29 -04:00
tokens for use by an agent.
2023-01-25 10:52:43 -06:00
ACLs are also accessible via the [HTTP API](/consul/api-docs/acl).
2018-10-24 10:24:29 -04:00
Bootstrap Consul's ACLs:
2020-05-19 14:32:38 -04:00
```shell-session
2018-10-24 10:24:29 -04:00
$ consul acl bootstrap
AccessorID: 4d123dff-f460-73c3-02c4-8dd64d136e01
SecretID: 86cddfb9-2760-d947-358d-a2811156bf31
Description: Bootstrap Token (Global Management)
Local: false
Create Time: 2018-10-22 11:27:04.479026 -0400 EDT
Policies:
00000000-0000-0000-0000-000000000001 - global-management
```
Create a policy:
2020-05-19 14:32:38 -04:00
```shell-session
2018-10-24 10:24:29 -04:00
$ consul acl policy create -name "acl-replication" -description "Token capable of replicating ACL policies" -rules 'acl = "read"'
ID: 35b8ecb0-707c-ee18-2002-81b238b54b38
Name: acl-replication
Description: Token capable of replicating ACL policies
Datacenters:
Rules:
acl = "read"
```
Create a token:
2020-05-19 14:32:38 -04:00
```shell-session
2018-10-24 10:24:29 -04:00
$ consul acl token create -description "Agent Policy Replication - my-agent" -policy-name "acl-replication"
AccessorID: c24c11aa-4e08-e25c-1a67-705a2e8d75a4
SecretID: e7024f9c-f016-02dd-6217-daedbffb86ac
Description: Agent Policy Replication - my-agent
Local: false
Create Time: 2018-10-22 11:34:49.960482 -0400 EDT
Policies:
35b8ecb0-707c-ee18-2002-81b238b54b38 - acl-replication
```
For more examples, ask for subcommand help or view the subcommand documentation
by clicking on one of the links in the sidebar.
## Usage
Usage: `consul acl <subcommand>`
For the exact documentation for your Consul version, run `consul acl -h` to
view the complete list of subcommands.
```text
Usage: consul acl <subcommand> [options] [args]
This command has subcommands for interacting with Consul's ACLs.
Here are some simple examples, and more detailed examples are available
in the subcommands or the documentation.
Bootstrap ACLs:
$ consul acl bootstrap
2019-05-01 16:11:23 -05:00
List all ACL tokens:
2018-10-24 10:24:29 -04:00
2018-10-29 09:33:42 +01:00
$ consul acl token list
2018-10-24 10:24:29 -04:00
2019-05-01 16:11:23 -05:00
Create a new ACL policy:
2018-10-24 10:24:29 -04:00
2019-02-01 09:16:36 -06:00
$ consul acl policy create -name "new-policy" \
2018-11-07 10:42:13 -08:00
-description "This is an example policy" \
-datacenter "dc1" \
-datacenter "dc2" \
2018-10-24 10:24:29 -04:00
-rules @rules.hcl
Set the default agent token:
$ consul acl set-agent-token default 0bc6bc46-f25e-4262-b2d9-ffbe1d96be6f
For more examples, ask for subcommand help or view the documentation.
Subcommands:
2019-05-01 16:11:23 -05:00
auth-method Manage Consul's ACL auth methods
binding-rule Manage Consul's ACL binding rules
2018-10-24 10:24:29 -04:00
bootstrap Bootstrap Consul's ACL system
2019-05-01 16:11:23 -05:00
policy Manage Consul's ACL policies
role Manage Consul's ACL roles
set-agent-token Assign tokens for the Consul Agent's usage
token Manage Consul's ACL tokens
2018-10-24 10:24:29 -04:00
```
For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar or one of the links below: