Florian Apolloner 077b0a48a3
Allow Operator Generated bootstrap token (#14437)
Add support to provide an initial token via the bootstrap HTTP API, similar to hashicorp/nomad#12520
2023-01-04 20:19:33 +00:00

53 lines
1.8 KiB
Plaintext

---
layout: commands
page_title: 'Commands: ACL Bootstrap'
---
# Consul ACL Bootstrap
Command: `consul acl bootstrap`
Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/bootstrap](/api-docs/acl#bootstrap-acls)
The `acl bootstrap` command generates a new token with unlimited privileges to use
for management purposes and outputs the token's details. Optionally, you can provide a Secret ID to use instead of generating a completely new token. You can create this bootstrapping token only once and afterwards bootstrapping
will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap
[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=docs).
The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of
[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching)
are not supported from commands, but may be from the corresponding HTTP endpoint.
| ACL Required |
| ------------ |
| `none` |
## Usage
Usage: `consul acl bootstrap [options] [FILE]`
If a file is supplied (or `-` for standard input), the new token's Secret ID is read from the file.
Otherwise, Consul creates a new one.
#### Command Options
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
The output looks like this:
```text
AccessorID: 4d123dff-f460-73c3-02c4-8dd64d136e01
SecretID: 86cddfb9-2760-d947-358d-a2811156bf31
Description: Bootstrap Token (Global Management)
Local: false
Create Time: 2018-10-22 11:27:04.479026 -0400 EDT
Policies:
00000000-0000-0000-0000-000000000001 - global-management
```
#### API Options
@include 'http_api_options_client.mdx'
@include 'http_api_options_server.mdx'