Consul
Consul ACL Token Read
Command: consul acl token read
The acl token read command reads and displays a token details.
Usage
Usage: consul acl token read [options] [args]
API Options
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable.-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable.-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable.-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable.-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way.-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable.-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
Command Options
-id=<string>- The ID of the policy to read. It may be specified as a unique ID prefix but will error if the prefix matches multiple policy IDs.-meta- Indicates that policy metadata such as the content hash and raft indices should be shown for each entry.-self- Indicates that the current HTTP token should be read by secret ID instead of expecting a -id option.-format={pretty|json}- Command output format. The default value ispretty.
Enterprise Options
-namespace=<string>- Specifies the namespace to query. If not provided, the namespace will be inferred from the request's ACL token, or will default to thedefaultnamespace. Namespaces are a Consul Enterprise feature added in v1.7.0.
Examples
Get token details:
$ consul acl token read -id 986
AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d
SecretID: ec15675e-2999-d789-832e-8c4794daa8d7
Description: Read Nodes and Services
Local: false
Create Time: 2018-10-22 15:33:39.01789 -0400 EDT
Policies:
06acc965-df4b-5a99-58cb-3250930c6324 - node-services-read
Get token details using the token secret ID:
$consul acl token read -self
AccessorID: 4d123dff-f460-73c3-02c4-8dd64d136e01
SecretID: 86cddfb9-2760-d947-358d-a2811156bf31
Description: Bootstrap Token (Global Management)
Local: false
Create Time: 2018-10-22 11:27:04.479026 -0400 EDT
Policies:
00000000-0000-0000-0000-000000000001 - global-management
Get token details (Builtin Tokens)
$ consul acl token read -id anonymous
AccessorID: 00000000-0000-0000-0000-000000000002
SecretID: anonymous
Description: Anonymous Token
Local: false
Create Time: 0001-01-01 00:00:00 +0000 UTC
Policies: