June 20-22 Announcing HashiConf Europe full schedule: keynotes, sessions, labs & more Register Now
  • Overview
    • Consul on Kubernetes
    • Control access with Consul API Gateway
    • Discover Services with Consul
    • Enforce Zero Trust Networking with Consul
    • Load Balancing with Consul
    • Manage Traffic with Consul
    • Multi-Platform Service Mesh with Consul
    • Network Infrastructure Automation with Consul
    • Observability with Consul
  • Enterprise
  • Tutorials
  • Docs
  • API
  • CLI
  • Community
GitHub
Download
Try HCP Consul
    • v1.12.x (latest)
    • v1.11.x
    • v1.10.x
    • v1.9.x
    • v1.8.x
  • Commands (CLI)
    • Overview
      • Overview
      • create
      • delete
      • list
      • read
      • update
      • Overview
      • create
      • delete
      • list
      • read
      • update
    • bootstrap
      • Overview
      • create
      • delete
      • list
      • read
      • update
      • Overview
      • create
      • delete
      • list
      • read
      • update
    • set-agent-token
      • Overview
      • clone
      • create
      • delete
      • list
      • read
      • update
    • translate-rules
  • agent
    • Overview
    • datacenters
    • nodes
    • services
    • Overview
    • delete
    • list
    • read
    • write
    • Overview
    • ca
    • proxy
    • envoy
    • expose
    • redirect-traffic
  • debug
  • event
  • exec
  • force-leave
  • info
    • Overview
    • check
    • create
    • delete
    • get
    • list
    • match
  • join
  • keygen
  • keyring
    • Overview
    • delete
    • export
    • get
    • import
    • put
  • leave
  • license
  • lock
  • login
  • logout
  • maint
  • members
  • monitor
    • Overview
    • create
    • delete
    • list
    • read
    • update
    • write
    • Overview
    • area
    • autopilot
    • raft
  • partition
  • reload
  • rtt
    • Overview
    • register
    • deregister
    • Overview
    • agent
    • inspect
    • restore
    • save
    • Overview
    • ca
    • cert
  • validate
  • version
  • watch
Type '/' to Search

»Consul ACL Auth Methods

Command: consul acl auth-method

The acl auth-method command is used to manage Consul's ACL auth methods. It exposes commands for creating, updating, reading, deleting, and listing auth methods. This command is available in Consul 1.5.0 and newer.

ACL auth methods may also be managed via the HTTP API.

Note: All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the secret ID as the value of the -token parameter.

»Usage

Usage: consul acl auth-method <subcommand>

For the exact documentation for your Consul version, run consul acl auth-method -h to view the complete list of subcommands.

Usage: consul acl auth-method <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL auth method
    delete    Delete an ACL auth method
    list      Lists ACL auth methods
    read      Read an ACL auth method
    update    Update an ACL auth method
Usage: consul acl auth-method <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL auth method
    delete    Delete an ACL auth method
    list      Lists ACL auth methods
    read      Read an ACL auth method
    update    Update an ACL auth method

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

»Basic Examples

Create a new auth method:

$ consul acl auth-method create -type "kubernetes" \
                        -name "my-k8s" \
                        -description "This is an example kube auth method" \
                        -kubernetes-host "https://apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/kube.ca.crt \
                        -kubernetes-service-account-jwt "JWT_CONTENTS"
$ consul acl auth-method create -type "kubernetes" \
                        -name "my-k8s" \
                        -description "This is an example kube auth method" \
                        -kubernetes-host "https://apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/kube.ca.crt \
                        -kubernetes-service-account-jwt "JWT_CONTENTS"

List all auth methods:

$ consul acl auth-method list
$ consul acl auth-method list

Update all editable fields of the auth method:

$ consul acl auth-method update -name "my-k8s" \
                        -description "new description" \
                        -kubernetes-host "https://new-apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/new-kube.ca.crt \
                        -kubernetes-service-account-jwt "NEW_JWT_CONTENTS"
$ consul acl auth-method update -name "my-k8s" \
                        -description "new description" \
                        -kubernetes-host "https://new-apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/new-kube.ca.crt \
                        -kubernetes-service-account-jwt "NEW_JWT_CONTENTS"

Read an auth method:

$ consul acl auth-method read -name my-k8s
$ consul acl auth-method read -name my-k8s

Delete an auth method:

$ consul acl auth-method delete -name my-k8s
$ consul acl auth-method delete -name my-k8s
github logoEdit this page
IntroGuidesDocsCommunityPrivacySecurityBrandConsent Manager