From 7857c5746f721dc8c02964b259a3dd3ff72c19e4 Mon Sep 17 00:00:00 2001 From: Ranjandas Date: Tue, 23 Mar 2021 15:51:56 +1100 Subject: [PATCH] Document agent token policy requirement for rexec The Agent token policy when using rexec should have `write` on "_rexec" key prefix. Updated the exec command documentation to explicitly state this requirement. --- website/content/commands/exec.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/content/commands/exec.mdx b/website/content/commands/exec.mdx index 33253f5181..ca793daa05 100644 --- a/website/content/commands/exec.mdx +++ b/website/content/commands/exec.mdx @@ -41,6 +41,8 @@ execute this command. | `key:write` | `"_rexec"` prefix | | `event:write` | `"_rexec"` prefix | +In addition to the above, the policy associated with the [agent token](https://www.consul.io/docs/security/acl/acl-system#acl-agent-token) should have `write` on `"_rexec"` key prefix. This is for the agents to read the `exec` command and write its output back to the KV store. + ## Usage Usage: `consul exec [options] [-|command...]`