3.2 KiB

layout page_title sidebar_current
docs Commands: ACL docs-commands-acl

Consul ACLs

Command: consul acl

The acl command is used to interact with Consul's ACLs via the command line. It exposes top-level commands for bootstrapping the ACL system, managing tokens and policies, translating legacy rules, and setting the tokens for use by an agent.

ACLs are also accessible via the HTTP API.

Bootstrap Consul's ACLs:

$ consul acl bootstrap
AccessorID:   4d123dff-f460-73c3-02c4-8dd64d136e01
SecretID:     86cddfb9-2760-d947-358d-a2811156bf31
Description:  Bootstrap Token (Global Management)
Local:        false
Create Time:  2018-10-22 11:27:04.479026 -0400 EDT
Policies:
   00000000-0000-0000-0000-000000000001 - global-management

Create a policy:

$ consul acl policy create -name "acl-replication" -description "Token capable of replicating ACL policies" -rules 'acl = "read"'
ID:           35b8ecb0-707c-ee18-2002-81b238b54b38
Name:         acl-replication
Description:  Token capable of replicating ACL policies
Datacenters:
Rules:
acl = "read"

Create a token:

$ consul acl token create -description "Agent Policy Replication - my-agent" -policy-name "acl-replication"
AccessorID:   c24c11aa-4e08-e25c-1a67-705a2e8d75a4
SecretID:     e7024f9c-f016-02dd-6217-daedbffb86ac
Description:  Agent Policy Replication - my-agent
Local:        false
Create Time:  2018-10-22 11:34:49.960482 -0400 EDT
Policies:
   35b8ecb0-707c-ee18-2002-81b238b54b38 - acl-replication

For more examples, ask for subcommand help or view the subcommand documentation by clicking on one of the links in the sidebar.

Usage

Usage: consul acl <subcommand>

For the exact documentation for your Consul version, run consul acl -h to view the complete list of subcommands.

Usage: consul acl <subcommand> [options] [args]

  This command has subcommands for interacting with Consul's ACLs.
  Here are some simple examples, and more detailed examples are available
  in the subcommands or the documentation.

  Bootstrap ACLs:

      $ consul acl bootstrap

  List all ACL tokens:

      $ consul acl token list

  Create a new ACL policy:

      $ consul acl policy create -name "new-policy" \
                                 -description "This is an example policy" \
                                 -datacenter "dc1" \
                                 -datacenter "dc2" \
                                 -rules @rules.hcl

  Set the default agent token:

      $ consul acl set-agent-token default 0bc6bc46-f25e-4262-b2d9-ffbe1d96be6f

  For more examples, ask for subcommand help or view the documentation.

Subcommands:
    auth-method        Manage Consul's ACL auth methods
    binding-rule       Manage Consul's ACL binding rules
    bootstrap          Bootstrap Consul's ACL system
    policy             Manage Consul's ACL policies
    role               Manage Consul's ACL roles
    set-agent-token    Assign tokens for the Consul Agent's usage
    token              Manage Consul's ACL tokens
    translate-rules    Translate the legacy rule syntax into the current syntax

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar or one of the links below: