Consul ACL Policies

Command: consul acl policy

The acl policy command is used to manage Consul's ACL policies. It exposes commands for creating, updating, reading, deleting, and listing policies. This command is available in Consul 1.4.0 and newer.

ACL policies may also be managed via the HTTP API.

Usage

Usage: consul acl policy <subcommand>

For the exact documentation for your Consul version, run consul acl policy -h to view the complete list of subcommands.

Usage: consul acl policy <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL policy
    delete    Delete an ACL policy
    list      Lists ACL policies
    read      Read an ACL policy
    update    Update an ACL policy

For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.

Identifying Policies

Several of the subcommands need to operate on a specific policy. Those subcommands support specifying the policy by its ID using the -id parameter or by name using the -name parameter.

When specifying the policy by its ID a unique policy ID prefix may be specified instead of the entire UUID. As long as it is unique it will be resolved to the full UUID and used. Additionally builtin policy names will be accepted as the value to the -id parameter. Even if the builtin policies are renamed their original name can be used to operate on them.

Builtin policies:

Basic Examples

Create a new ACL policy:

$ consul acl policy create -name "new-policy" \
                         -description "This is an example policy" \
                         -datacenter "dc1" \
                         -datacenter "dc2" \
                         -rules @rules.hcl

List all policies:

$ consul acl policy list

Update a policy:

$ consul acl policy update -name "other-policy" -datacenter "dc1"

Read a policy:

$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24

Delete a policy

$ consul acl policy delete -name "my-policy"