HashiCorp Developer AI Private beta now available Sign up today
Nomad
Nomad Home

You are viewing documentation for version v1.0.x. View latest version.

acl Stanza

Placementacl

The acl stanza configures the Nomad agent to enable ACLs and tunes various ACL parameters. Learn more about configuring Nomad's ACL system in the Secure Nomad with Access Control guide.

acl {
  enabled = true
  token_ttl = "30s"
  policy_ttl = "60s"
}

acl Parameters

  • enabled (bool: false) - Specifies if ACL enforcement is enabled. All other client configuration options depend on this value.

  • token_ttl (string: "30s") - Specifies the maximum time-to-live (TTL) for cached ACL tokens. This does not affect servers, since they do not cache tokens. Setting this value lower reduces how stale a token can be, but increases the request load against servers. If a client cannot reach a server, for example because of an outage, the TTL will be ignored and the cached value used.

  • policy_ttl (string: "30s") - Specifies the maximum time-to-live (TTL) for cached ACL policies. This does not affect servers, since they do not cache policies. Setting this value lower reduces how stale a policy can be, but increases the request load against servers. If a client cannot reach a server, for example because of an outage, the TTL will be ignored and the cached value used.

  • replication_token (string: "") - Specifies the Secret ID of the ACL token to use for replicating policies and tokens. This is used by servers in non-authoritative region to mirror the policies and tokens into the local region.