» Consul ACL Policies
consul acl policy
acl policy command is used to manage Consul's ACL policies.
It exposes commands for creating, updating, reading, deleting, and listing policies.
This command is available in Consul 1.4.0 and newer.
ACL policies may also be managed via the HTTP API.
Note: All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the
CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the
secret ID as the value of the
consul acl policy <subcommand>
For the exact documentation for your Consul version, run
policy -h to view the complete list of subcommands.
Usage: consul acl policy <subcommand> [options] [args] ... Subcommands: create Create an ACL policy delete Delete an ACL policy list Lists ACL policies read Read an ACL policy update Update an ACL policy
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
» Identifying Policies
Several of the subcommands need to operate on a specific policy. Those
subcommands support specifying the policy by its ID using the
or by name using the
When specifying the policy by its ID a unique policy ID prefix may be specified
instead of the entire UUID. As long as it is unique it will be resolved to the
full UUID and used. Additionally builtin policy names will be accepted as the
value to the
-id parameter. Even if the builtin policies are renamed their
original name can be used to operate on them.
|Policy UUID||Policy Name|
» Basic Examples
Create a new ACL policy:
$ consul acl policy create -name "new-policy" \ -description "This is an example policy" \ -datacenter "dc1" \ -datacenter "dc2" \ -rules @rules.hcl
List all policies:
$ consul acl policy list
Update a policy:
$ consul acl policy update -name "other-policy" -datacenter "dc1"
Read a policy:
$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24
Delete a policy
$ consul acl policy delete -name "my-policy"