open-consul/website/pages/docs/acl/index.mdx

---
layout: docs
page_title: ACL Guides
sidebar_title: Access Control (ACLs)
description: >-
  Consul provides an optional Access Control List (ACL) system which can be used
  to control access to data and APIs. Select the following guide for your use
  case.
---

# ACL Documentation and Guides

Consul uses Access Control Lists (ACLs) to secure the UI, API, CLI, service
communications, and agent communications. At the core, ACLs operate by grouping
rules into policies, then associating one or more policies with a token.

The following documentation and guides will help you understand and implement
ACLs.

## ACL Documentation

### ACL System

Consul provides an optional Access Control List (ACL) system which can be used
to control access to data and APIs. The ACL system is a Capability-based system
that relies on tokens which can have fine grained rules applied to them. The
[ACL System documentation](/docs/acl/acl-system) details the functionality
of Consul ACLs.

### ACL Rules

A core part of the ACL system is the rule language, which is used to describe
the policy that must be enforced. Read the ACL rules
[documentation](/docs/acl/acl-rules) to learn about rule specifications.

### ACL Auth Methods

An auth method is a component in Consul that performs authentication against a
trusted external party to authorize the creation of an ACL tokens usable within
the local datacenter. Read the ACL auth method
[documentation](/docs/acl/auth-methods) to learn more about how they
work and why you may want to use them.

### ACL Legacy System

The ACL system in Consul 1.3.1 and older is now called legacy. For information
on bootstrapping the legacy system, ACL rules, and a general ACL system
overview, read the legacy [documentation](/docs/acl/acl-legacy).

### ACL Migration

[The migration documentation](/docs/acl/acl-migrate-tokens) details how to
upgrade existing legacy tokens after upgrading to 1.4.0. It will briefly
describe what changed, and then walk through the high-level migration process
options, finally giving some specific examples of migration strategies. The new
ACL system has improvements for the security and management of ACL tokens and
policies.

## Learn ACL Guide

~> Note: the following guide is located on HashiCorp Learn. By selecting it,
you will be directed to a new site.

### Securing Consul with ACLs

In this guide, you will learn how to secure the UI, API, CLI, service
communications, and agent communications with ACLs. When securing your cluster
you should configure the ACLs first. The ACL documentation introduces basic
concepts and syntax for the ACL system, and we recommend that you read it
before you begin [this
guide](https://learn.hashicorp.com/consul/security-networking/production-acls).
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00			`---`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`layout: docs`
			`page_title: ACL Guides`
remove 'sidebar_current' from frontmatter 2020-04-13 18:40:26 +00:00			`sidebar_title: Access Control (ACLs)`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`description: >-`
			`Consul provides an optional Access Control List (ACL) system which can be used`
			`to control access to data and APIs. Select the following guide for your use`
			`case.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00			`---`

			`# ACL Documentation and Guides`

docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`Consul uses Access Control Lists (ACLs) to secure the UI, API, CLI, service`
			`communications, and agent communications. At the core, ACLs operate by grouping`
			`rules into policies, then associating one or more policies with a token.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
			`The following documentation and guides will help you understand and implement`
			`ACLs.`

			`## ACL Documentation`

			`### ACL System`

docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`Consul provides an optional Access Control List (ACL) system which can be used`
			`to control access to data and APIs. The ACL system is a Capability-based system`
			`that relies on tokens which can have fine grained rules applied to them. The`
replace internal .html link extensions 2020-04-09 23:46:54 +00:00			`[ACL System documentation](/docs/acl/acl-system) details the functionality`
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`of Consul ACLs.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
			`### ACL Rules`

docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`A core part of the ACL system is the rule language, which is used to describe`
			`the policy that must be enforced. Read the ACL rules`
replace internal .html link extensions 2020-04-09 23:46:54 +00:00			`[documentation](/docs/acl/acl-rules) to learn about rule specifications.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`### ACL Auth Methods`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`An auth method is a component in Consul that performs authentication against a`
			`trusted external party to authorize the creation of an ACL tokens usable within`
			`the local datacenter. Read the ACL auth method`
docs: docs for jwt and oidc auth methods (#7847) 2020-05-13 19:14:03 +00:00			`[documentation](/docs/acl/auth-methods) to learn more about how they`
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`work and why you may want to use them.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`### ACL Legacy System`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`The ACL system in Consul 1.3.1 and older is now called legacy. For information`
			`on bootstrapping the legacy system, ACL rules, and a general ACL system`
replace internal .html link extensions 2020-04-09 23:46:54 +00:00			`overview, read the legacy [documentation](/docs/acl/acl-legacy).`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`### ACL Migration`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
replace internal .html link extensions 2020-04-09 23:46:54 +00:00			`[The migration documentation](/docs/acl/acl-migrate-tokens) details how to`
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`upgrade existing legacy tokens after upgrading to 1.4.0. It will briefly`
			`describe what changed, and then walk through the high-level migration process`
			`options, finally giving some specific examples of migration strategies. The new`
			`ACL system has improvements for the security and management of ACL tokens and`
			`policies.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`## Learn ACL Guide`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`~> Note: the following guide is located on HashiCorp Learn. By selecting it,`
			`you will be directed to a new site.`
[docs] ACL Side Navigation Added (#5526) * Adding new ACL menu item with guides and documentation. * removing sidebar stuff from under agent, some documenting 2019-03-25 21:20:40 +00:00
			`### Securing Consul with ACLs`

docs: add an overview section for the auth method docs (#5772) 2019-05-02 17:29:20 +00:00			`In this guide, you will learn how to secure the UI, API, CLI, service`
			`communications, and agent communications with ACLs. When securing your cluster`
			`you should configure the ACLs first. The ACL documentation introduces basic`
			`concepts and syntax for the ACL system, and we recommend that you read it`
			`before you begin [this`
			`guide](https://learn.hashicorp.com/consul/security-networking/production-acls).`