Blog HCP Consul on Azure goes GA, plus more Consul news from HashiConf EU Read more
  • Overview
    • Consul on Kubernetes
    • Control access with Consul API Gateway
    • Discover Services with Consul
    • Enforce Zero Trust Networking with Consul
    • Load Balancing with Consul
    • Manage Traffic with Consul
    • Multi-Platform Service Mesh with Consul
    • Network Infrastructure Automation with Consul
    • Observability with Consul
  • Enterprise
  • Tutorials
  • Docs
  • API
  • CLI
  • Community
GitHub
Download
Try HCP Consul
    • v1.12.x (latest)
    • v1.11.x
    • v1.10.x
    • v1.9.x
    • v1.8.x
  • Commands (CLI)
    • Overview
      • Overview
      • create
      • delete
      • list
      • read
      • update
      • Overview
      • create
      • delete
      • list
      • read
      • update
    • bootstrap
      • Overview
      • create
      • delete
      • list
      • read
      • update
      • Overview
      • create
      • delete
      • list
      • read
      • update
    • set-agent-token
      • Overview
      • clone
      • create
      • delete
      • list
      • read
      • update
    • translate-rules
  • agent
    • Overview
    • datacenters
    • nodes
    • services
    • Overview
    • delete
    • list
    • read
    • write
    • Overview
    • ca
    • proxy
    • envoy
    • expose
    • redirect-traffic
  • debug
  • event
  • exec
  • force-leave
  • info
    • Overview
    • check
    • create
    • delete
    • get
    • list
    • match
  • join
  • keygen
  • keyring
    • Overview
    • delete
    • export
    • get
    • import
    • put
  • leave
  • license
  • lock
  • login
  • logout
  • maint
  • members
  • monitor
    • Overview
    • create
    • delete
    • list
    • read
    • update
    • write
    • Overview
    • area
    • autopilot
    • raft
  • partition
  • reload
  • rtt
    • Overview
    • register
    • deregister
    • Overview
    • agent
    • inspect
    • restore
    • save
    • Overview
    • ca
    • cert
  • validate
  • version
  • watch
Type '/' to Search

»Consul ACL Tokens

Command: consul acl token

The acl token command is used to manage Consul's ACL tokens. It exposes commands for creating, updating, reading, deleting, and listing tokens. This command is available in Consul 1.4.0 and newer.

ACL tokens may also be managed via the HTTP API.

Note: All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the secret ID as the value of the -token parameter.

»Usage

Usage: consul acl token <subcommand>

For the exact documentation for your Consul version, run consul acl token -h to view the complete list of subcommands.

Usage: consul acl token <subcommand> [options] [args]

  ...

Subcommands:
    clone     Clone an ACL token
    create    Create an ACL token
    delete    Delete an ACL token
    list      List ACL tokens
    read      Read an ACL token
    update    Update an ACL token
Usage: consul acl token <subcommand> [options] [args]

  ...

Subcommands:
    clone     Clone an ACL token
    create    Create an ACL token
    delete    Delete an ACL token
    list      List ACL tokens
    read      Read an ACL token
    update    Update an ACL token

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

»Identifying Tokens

Several of the subcommands need to operate on a specific token. Those subcommands support specifying the token by its ID using the -id parameter.

The ID may be specified as a unique UUID prefix instead of the entire UUID. As long as it is unique it will be resolved to the full UUID and used. Additionally builtin token names will be accepted as the value of the -id.

Builtin Tokens:

Token UUIDToken Name
00000000-0000-0000-0000-000000000002anonymous

»Basic Examples

Create a new ACL token:

$ consul acl token create \
             -description "This is an example token" \
             -policy-id 06acc965
$ consul acl token create \
             -description "This is an example token" \
             -policy-id 06acc965

List all tokens:

$ consul acl token list
$ consul acl token list

Update a token:

$ consul acl token update -id 986193 -description "WonderToken"
$ consul acl token update -id 986193 -description "WonderToken"

Read a token with an accessor ID:

$ consul acl token read -id 986193
$ consul acl token read -id 986193

Delete a token

$ consul acl token delete -id 986193
$ consul acl token delete -id 986193
github logoEdit this page
IntroGuidesDocsCommunityPrivacySecurityBrandConsent Manager