consul/website/source/docs/commands/acl/auth-method/create.html.md.erb

69 lines
2.0 KiB
Plaintext

---
layout: "docs"
page_title: "Commands: ACL Auth Method Create"
sidebar_current: "docs-commands-acl-auth-method-create"
---
# Consul ACL Auth Method Create
Command: `consul acl auth-method create`
The `acl auth-method create` command creates new auth methods.
## Usage
Usage: `consul acl auth-method create [options] [args]`
#### API Options
<%= partial "docs/commands/http_api_options_client" %>
<%= partial "docs/commands/http_api_options_server" %>
#### Command Options
* `-description=<string>` - A description of the auth method.
* `-meta` - Indicates that auth method metadata such as the raft indices should
be shown for each entry.
* `-name=<string>` - The new auth method's name. This flag is required.
* `-type=<string>` - The new auth method's type. This flag is required.
* `-kubernetes-ca-cert=<string>` - PEM encoded CA cert for use by the TLS
client used to talk with the Kubernetes API. May be prefixed with '@' to
indicate that the value is a file path to load the cert from. This flag is
required for `-type=kubernetes`.
* `-kubernetes-host=<string>` - Address of the Kubernetes API server. This flag
is required for `-type=kubernetes`.
* `-kubernetes-service-account-jwt=<string>` - A Kubernetes service account JWT
used to access the TokenReview API to validate other JWTs during login. This
flag is required for `-type=kubernetes`.
#### Enterprise Options
<%= partial "docs/commands/http_api_namespace_options" %>
## Examples
Create a new Kubernetes auth method:
```sh
$ consul acl auth-method create -name minikube -type kubernetes \
-description 'minikube auth method' \
-kubernetes-host 'https://192.0.2.42:8443' \
-kubernetes-ca-cert '@minikube-ca.crt' \
-kubernetes-service-account-jwt 'eyJhbGciOiJSUzI1NiIsImtpZCI...'
Name: minikube
Type: kubernetes
Description: minikube auth method
Config:
{
"CACert": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
"Host": "https://192.0.2.42:8443",
"ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI..."
}
```