open-consul/website/pages/docs/commands/login.mdx

63 lines
1.7 KiB
Plaintext
Raw Normal View History

---
2020-04-07 18:55:19 +00:00
layout: docs
page_title: 'Commands: Login'
sidebar_title: login
description: >
2020-04-07 18:55:19 +00:00
The `login` command will exchange the provided third party credentials with
the requested auth method for a newly minted Consul ACL token.
---
# Consul Login
Command: `consul login`
The `login` command will exchange the provided third party credentials with the
requested auth method for a newly minted Consul ACL token. The companion
command `consul logout` should be used to destroy any tokens created this way
to avoid a resource leak.
## Usage
Usage: `consul login [options]`
#### API Options
2020-04-07 18:55:19 +00:00
@include 'http_api_options_client.mdx'
#### Command Options
2020-04-07 18:55:19 +00:00
- `-bearer-token-file=<string>` - Path to a file containing a secret bearer
token to use with this auth method.
2020-04-07 18:55:19 +00:00
- `-meta=<value>` - Metadata to set on the token, formatted as `key=value`. This
flag may be specified multiple times to set multiple meta fields.
2020-04-07 18:55:19 +00:00
- `-method=<string>` - Name of the auth method to login to.
2020-04-07 18:55:19 +00:00
- `-token-sink-file=<string>` - The most recent token's SecretID is kept up to
date in this file.
- `-type=<string>` - Type of the auth method to login to. This field is
optional and defaults to no type. Required for `type=oidc` auth method login.
Added in Consul 1.8.0.
#### Enterprise Options
@include 'http_api_namespace_options.mdx'
- `-oidc-callback-listen-addr=<string>` - The address to bind a webserver on to
handle the browser callback from the OIDC workflow. Added in Consul 1.8.0.
### Examples
Login to an auth method.
2020-05-19 18:32:38 +00:00
```shell-session
$ consul login -method 'minikube' \
-bearer-token-file '/run/secrets/kubernetes.io/serviceaccount/token' \
-token-sink-file 'consul.token'
$ cat consul.token
36103ae4-6731-e719-f53a-d35188cfa41d
```