Consul ACL Policies

Command: consul acl policy

The acl policy command is used to manage Consul's ACL policies. It exposes commands for creating, updating, reading, deleting, and listing policies. This command is available in Consul 1.4.0 and newer.

ACL policies may also be managed via the HTTP API.

Note: All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the secret ID as the value of the -token parameter.

Usage

Usage: consul acl policy <subcommand>

For the exact documentation for your Consul version, run consul acl policy -h to view the complete list of subcommands.

Usage: consul acl policy <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL policy
    delete    Delete an ACL policy
    list      Lists ACL policies
    read      Read an ACL policy
    update    Update an ACL policy

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

Identifying Policies

Several of the subcommands need to operate on a specific policy. Those subcommands support specifying the policy by its ID using the -id parameter or by name using the -name parameter.

When specifying the policy by its ID, a unique policy ID prefix may be specified instead of the entire UUID. As long as the prefix is unique, it will be resolved to the full UUID and used. Additionally, builtin policy names are accepted as the value of the -id parameter. Even if the builtin policies are renamed, their original names can still be used to operate on them.

Builtin policies:

Policy UUID                             Policy Name
00000000-0000-0000-0000-000000000001    global-management
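
The resolution rule described above, as an added Go sketch that is not Consul's own code: a -id value is first checked against the builtin policy name, then treated as a UUID prefix that must match exactly one policy. The Policy type, the function and error names, and the third sample UUID are constructed for illustration, and rejecting an empty value is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Policy holds the two identifiers this page uses: the UUID and the name.
type Policy struct{ ID, Name string }

// builtinIDs maps the original builtin policy name to its fixed UUID (table above).
var builtinIDs = map[string]string{"global-management": "00000000-0000-0000-0000-000000000001"}

var ErrNotFound = errors.New("no policy matches that ID prefix")
var ErrAmbiguous = errors.New("ID prefix matches more than one policy")

// ResolvePolicyID expands a -id value to a full UUID, or fails without guessing.
func ResolvePolicyID(partial string, policies []Policy) (string, error) {
	// The original builtin name is accepted even if the policy was renamed.
	if id, ok := builtinIDs[partial]; ok {
		return id, nil
	}
	var matches []string
	for _, p := range policies {
		// Assumption of this sketch: an empty value never matches anything.
		if partial != "" && strings.HasPrefix(p.ID, partial) {
			matches = append(matches, p.ID)
		}
	}
	switch len(matches) {
	case 0:
		return "", ErrNotFound
	case 1:
		return matches[0], nil
	}
	return "", ErrAmbiguous
}

func main() {
	// Constructed sample list; the builtin policy has been renamed here.
	policies := []Policy{
		{"00000000-0000-0000-0000-000000000001", "renamed-management"},
		{"0479e93e-091c-4475-9b06-79a004765c24", "new-policy"},
		{"04d5a1c7-3b2e-4f60-8a11-5c9e7d2b6f03", "other-policy"},
	}
	for _, arg := range []string{"0479", "04", "global-management", "ffff"} {
		id, err := ResolvePolicyID(arg, policies)
		fmt.Printf("-id %q -> %q, err=%v\n", arg, id, err)
	}
}
```

In automation that deletes or updates policies, passing the full UUID avoids a short prefix becoming ambiguous as more policies are created.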

Basic Examples

Create a new ACL policy:

$ consul acl policy create -name "new-policy" \
                         -description "This is an example policy" \
                         -datacenter "dc1" \
                         -datacenter "dc2" \
                         -rules @rules.hcl

List all policies:

$ consul acl policy list

Update a policy:

$ consul acl policy update -name "other-policy" -datacenter "dc1"

Read a policy:

$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24

Delete a policy:

$ consul acl policy delete -name "my-policy"