Consul ACL Auth Methods
consul acl auth-method
acl auth-method command is used to manage Consul's ACL auth methods.
It exposes commands for creating, updating, reading, deleting, and listing auth methods.
This command is available in Consul 1.5.0 and newer.
ACL auth methods may also be managed via the HTTP API.
Note: All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the
CONSUL_HTTP_TOKEN environment variable to the token's secret ID or pass the
secret ID as the value of the
consul acl auth-method <subcommand>
For the exact documentation for your Consul version, run
consul acl auth-method -h to view the complete list of subcommands.
Usage: consul acl auth-method <subcommand> [options] [args] ... Subcommands: create Create an ACL auth method delete Delete an ACL auth method list Lists ACL auth methods read Read an ACL auth method update Update an ACL auth method
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Create a new auth method:
$ consul acl auth-method create -type "kubernetes" \ -name "my-k8s" \ -description "This is an example kube auth method" \ -kubernetes-host "https://apiserver.example.com:8443" \ -kubernetes-ca-cert @/path/to/kube.ca.crt \ -kubernetes-service-account-jwt "JWT_CONTENTS"
List all auth methods:
$ consul acl auth-method list
Update all editable fields of the auth method:
$ consul acl auth-method update -name "my-k8s" \ -description "new description" \ -kubernetes-host "https://new-apiserver.example.com:8443" \ -kubernetes-ca-cert @/path/to/new-kube.ca.crt \ -kubernetes-service-account-jwt "NEW_JWT_CONTENTS"
Read an auth method:
$ consul acl auth-method read -name my-k8s
Delete an auth method:
$ consul acl auth-method delete -name my-k8s