2019-05-01 21:11:23 +00:00
|
|
|
---
|
2020-09-01 15:14:13 +00:00
|
|
|
layout: commands
|
2020-04-07 18:55:19 +00:00
|
|
|
page_title: 'Commands: Login'
|
2019-05-01 21:11:23 +00:00
|
|
|
description: >
|
2020-04-07 18:55:19 +00:00
|
|
|
The `login` command will exchange the provided third party credentials with
|
|
|
|
the requested auth method for a newly minted Consul ACL token.
|
2019-05-01 21:11:23 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# Consul Login
|
|
|
|
|
|
|
|
Command: `consul login`
|
|
|
|
|
2022-01-11 13:26:58 +00:00
|
|
|
Corresponding HTTP API Endpoint: [\[POST\] /v1/acl/login](/api-docs/acl#login-to-auth-method)
|
2022-01-10 17:40:11 +00:00
|
|
|
|
2019-05-01 21:11:23 +00:00
|
|
|
The `login` command will exchange the provided third party credentials with the
|
|
|
|
requested auth method for a newly minted Consul ACL token. The companion
|
|
|
|
command `consul logout` should be used to destroy any tokens created this way
|
|
|
|
to avoid a resource leak.
|
|
|
|
|
2022-01-10 21:44:56 +00:00
|
|
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
2022-03-30 21:16:26 +00:00
|
|
|
[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching)
|
2022-01-10 21:44:56 +00:00
|
|
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
|
|
|
|
|
|
|
| ACL Required |
|
|
|
|
| ------------ |
|
|
|
|
| `none` |
|
|
|
|
|
2019-05-01 21:11:23 +00:00
|
|
|
## Usage
|
|
|
|
|
|
|
|
Usage: `consul login [options]`
|
|
|
|
|
|
|
|
#### Command Options
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-bearer-token-file=<string>` - Path to a file containing a secret bearer
|
2019-05-01 21:11:23 +00:00
|
|
|
token to use with this auth method.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-meta=<value>` - Metadata to set on the token, formatted as `key=value`. This
|
2019-05-01 21:11:23 +00:00
|
|
|
flag may be specified multiple times to set multiple meta fields.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-method=<string>` - Name of the auth method to login to.
|
2019-05-01 21:11:23 +00:00
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-token-sink-file=<string>` - The most recent token's SecretID is kept up to
|
2019-05-01 21:11:23 +00:00
|
|
|
date in this file.
|
|
|
|
|
2020-05-13 19:14:03 +00:00
|
|
|
- `-type=<string>` - Type of the auth method to login to. This field is
|
|
|
|
optional and defaults to no type. Required for `type=oidc` auth method login.
|
|
|
|
Added in Consul 1.8.0.
|
|
|
|
|
|
|
|
#### Enterprise Options
|
|
|
|
|
|
|
|
- `-oidc-callback-listen-addr=<string>` - The address to bind a webserver on to
|
|
|
|
handle the browser callback from the OIDC workflow. Added in Consul 1.8.0.
|
|
|
|
|
2022-07-27 06:17:11 +00:00
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
|
|
|
|
#### API Options
|
|
|
|
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
|
2019-05-01 21:11:23 +00:00
|
|
|
### Examples
|
|
|
|
|
|
|
|
Login to an auth method.
|
|
|
|
|
2020-05-19 18:32:38 +00:00
|
|
|
```shell-session
|
2019-05-01 21:11:23 +00:00
|
|
|
$ consul login -method 'minikube' \
|
|
|
|
-bearer-token-file '/run/secrets/kubernetes.io/serviceaccount/token' \
|
|
|
|
-token-sink-file 'consul.token'
|
|
|
|
|
|
|
|
$ cat consul.token
|
|
|
|
36103ae4-6731-e719-f53a-d35188cfa41d
|
|
|
|
```
|