open-consul/website/pages/docs/commands/login.mdx

---
layout: docs
page_title: 'Commands: Login'
sidebar_title: login
description: >
  The `login` command will exchange the provided third party credentials with
  the requested auth method for a newly minted Consul ACL token.
---

# Consul Login

Command: `consul login`

The `login` command will exchange the provided third party credentials with the
requested auth method for a newly minted Consul ACL token. The companion
command `consul logout` should be used to destroy any tokens created this way
to avoid a resource leak.

## Usage

Usage: `consul login [options]`

#### API Options

@include 'http_api_options_client.mdx'

#### Command Options

- `-bearer-token-file=<string>` - Path to a file containing a secret bearer
  token to use with this auth method.

- `-meta=<value>` - Metadata to set on the token, formatted as `key=value`. This
  flag may be specified multiple times to set multiple meta fields.

- `-method=<string>` - Name of the auth method to login to.

- `-token-sink-file=<string>` - The most recent token's SecretID is kept up to
  date in this file.

### Examples

Login to an auth method.

```shell
$ consul login -method 'minikube' \
    -bearer-token-file '/run/secrets/kubernetes.io/serviceaccount/token' \
    -token-sink-file 'consul.token'

$ cat consul.token
36103ae4-6731-e719-f53a-d35188cfa41d
```
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`---`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`layout: docs`
			`page_title: 'Commands: Login'`
remove 'sidebar_current' from frontmatter 2020-04-13 18:40:26 +00:00			`sidebar_title: login`
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`description: >`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			The `login` command will exchange the provided third party credentials with
			`the requested auth method for a newly minted Consul ACL token.`
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`---`

			`# Consul Login`

			Command: `consul login`

			The `login` command will exchange the provided third party credentials with the
			`requested auth method for a newly minted Consul ACL token. The companion`
			command `consul logout` should be used to destroy any tokens created this way
			`to avoid a resource leak.`

			`## Usage`

			Usage: `consul login [options]`

			`#### API Options`

intro and api navigation converted 2020-04-07 18:55:19 +00:00			`@include 'http_api_options_client.mdx'`
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00
			`#### Command Options`

intro and api navigation converted 2020-04-07 18:55:19 +00:00			- `-bearer-token-file=<string>` - Path to a file containing a secret bearer
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`token to use with this auth method.`

intro and api navigation converted 2020-04-07 18:55:19 +00:00			- `-meta=<value>` - Metadata to set on the token, formatted as `key=value`. This
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`flag may be specified multiple times to set multiple meta fields.`

intro and api navigation converted 2020-04-07 18:55:19 +00:00			- `-method=<string>` - Name of the auth method to login to.
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00
intro and api navigation converted 2020-04-07 18:55:19 +00:00			- `-token-sink-file=<string>` - The most recent token's SecretID is kept up to
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`date in this file.`

			`### Examples`

			`Login to an auth method.`

docs rendering 2020-04-07 23:56:08 +00:00			```shell
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 21:11:23 +00:00			`$ consul login -method 'minikube' \`
			`-bearer-token-file '/run/secrets/kubernetes.io/serviceaccount/token' \`
			`-token-sink-file 'consul.token'`

			`$ cat consul.token`
			`36103ae4-6731-e719-f53a-d35188cfa41d`
			```