--- layout: commands page_title: 'Commands: ACL Token Read' --- # Consul ACL Token Read Command: `consul acl token read` Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/token/:AccessorID](/consul/api-docs/acl/tokens#read-a-token) The `acl token read` command reads and displays a token details. The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of [blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | | ------------ | | `acl:read` | ## Usage Usage: `consul acl token read [options] [args]` #### Command Options - `-id=` - The ID of the policy to read. It may be specified as a unique ID prefix but will error if the prefix matches multiple policy IDs. - `-meta` - Indicates that policy metadata such as the content hash and raft indices should be shown for each entry. - `-self` - Indicates that the current HTTP token should be read by secret ID instead of expecting a -id option. - `-expanded` - Indicates that the contents of the policies and roles affecting the token should also be shown. - `-format={pretty|json}` - Command output format. The default value is `pretty`. #### Enterprise Options @include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' #### API Options @include 'http_api_options_client.mdx' @include 'http_api_options_server.mdx' ## Examples Get token details: ```shell-session $ consul acl token read -id 986 AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d SecretID: ec15675e-2999-d789-832e-8c4794daa8d7 Description: Read Nodes and Services Local: false Create Time: 2018-10-22 15:33:39.01789 -0400 EDT Policies: 06acc965-df4b-5a99-58cb-3250930c6324 - node-services-read ``` Get token details using the token secret ID: ```shell $consul acl token read -self AccessorID: 4d123dff-f460-73c3-02c4-8dd64d136e01 SecretID: 86cddfb9-2760-d947-358d-a2811156bf31 Description: Bootstrap Token (Global Management) Local: false Create Time: 2018-10-22 11:27:04.479026 -0400 EDT Policies: 00000000-0000-0000-0000-000000000001 - global-management ``` Get token details (Builtin Tokens) ```shell-session $ consul acl token read -id anonymous AccessorID: 00000000-0000-0000-0000-000000000002 SecretID: anonymous Description: Anonymous Token Local: false Create Time: 0001-01-01 00:00:00 +0000 UTC Policies: ``` Get token details (Expanded) ```shell-session $ consul acl token read -expanded -id 986 AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d SecretID: ec15675e-2999-d789-832e-8c4794daa8d7 Description: Read Nodes and Services Local: false Create Time: 2018-10-22 15:33:39.01789 -0400 EDT Policies: Policy Name: foo ID: beb04680-815b-4d7c-9e33-3d707c24672c Description: user policy on token Rules: service_prefix "" { policy = "read" } Policy Name: bar ID: 18788457-584c-4812-80d3-23d403148a90 Description: other user policy on token Rules: operator = "read" === End of Authorizer Layer 0: Token === === Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) === Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults Resolved By Agent: "leader" Default Policy: allow Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration) Down Policy: deny Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration) ```