A new platform for documentation and tutorials is launching soon.

We are migrating Consul documentation into HashiCorp Developer, our new developer experience.

Join Now
Type '/' to Search

»Consul ACL Auth Methods

Command: consul acl auth-method

The acl auth-method command is used to manage Consul's ACL auth methods. It exposes commands for creating, updating, reading, deleting, and listing auth methods. This command is available in Consul 1.5.0 and newer.

ACL auth methods may also be managed via the HTTP API.

Note: All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the secret ID as the value of the -token parameter.

»Usage

Usage: consul acl auth-method <subcommand>

For the exact documentation for your Consul version, run consul acl auth-method -h to view the complete list of subcommands.

Usage: consul acl auth-method <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL auth method
    delete    Delete an ACL auth method
    list      Lists ACL auth methods
    read      Read an ACL auth method
    update    Update an ACL auth method

Usage: consul acl auth-method <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL auth method
    delete    Delete an ACL auth method
    list      Lists ACL auth methods
    read      Read an ACL auth method
    update    Update an ACL auth method

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

»Basic Examples

Create a new auth method:

$ consul acl auth-method create -type "kubernetes" \
                        -name "my-k8s" \
                        -description "This is an example kube auth method" \
                        -kubernetes-host "https://apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/kube.ca.crt \
                        -kubernetes-service-account-jwt "JWT_CONTENTS"

$ consul acl auth-method create -type "kubernetes" \
                        -name "my-k8s" \
                        -description "This is an example kube auth method" \
                        -kubernetes-host "https://apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/kube.ca.crt \
                        -kubernetes-service-account-jwt "JWT_CONTENTS"

List all auth methods:

$ consul acl auth-method list

$ consul acl auth-method list

Update all editable fields of the auth method:

$ consul acl auth-method update -name "my-k8s" \
                        -description "new description" \
                        -kubernetes-host "https://new-apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/new-kube.ca.crt \
                        -kubernetes-service-account-jwt "NEW_JWT_CONTENTS"

$ consul acl auth-method update -name "my-k8s" \
                        -description "new description" \
                        -kubernetes-host "https://new-apiserver.example.com:8443" \
                        -kubernetes-ca-cert @/path/to/new-kube.ca.crt \
                        -kubernetes-service-account-jwt "NEW_JWT_CONTENTS"

Read an auth method:

$ consul acl auth-method read -name my-k8s

$ consul acl auth-method read -name my-k8s

Delete an auth method:

$ consul acl auth-method delete -name my-k8s

$ consul acl auth-method delete -name my-k8s