open-consul/website/source/docs/commands/acl/token/create.html.md.erb

109 lines
3.6 KiB
Plaintext
Raw Normal View History

---
layout: "docs"
page_title: "Commands: ACL Token Create"
sidebar_current: "docs-commands-acl-token-create"
---
# Consul ACL Token Create
Command: `consul acl token create`
This command creates new tokens. When creating a new token, policies may be linked using
either the `-policy-id` or the `-policy-name` options. When specifying policies by IDs you
may use a unique prefix of the UUID as a shortcut for specifying the entire UUID.
## Usage
Usage: `consul acl token create [options] [args]`
#### API Options
<%= partial "docs/commands/http_api_options_client" %>
<%= partial "docs/commands/http_api_options_server" %>
#### Command Options
* `-accessor=<string>` - Create the token with this Accessor ID. It must be a UUID. If not
specified one will be auto-generated
* `-description=<string>` - A description of the token.
* `-expires-ttl=<duration>` - Duration of time this token should be valid for.
* `-local` - Create this as a datacenter local token.
* `-meta` - Indicates that token metadata such as the content hash and raft indices should be shown
for each entry.
* `-policy-id=<value>` - ID of a policy to use for this token. May be specified multiple times.
* `-policy-name=<value>` - Name of a policy to use for this token. May be specified multiple times.
* `-role-id=<value>` - ID of a role to use for this token. May be specified multiple times.
* `-role-name=<value>` - Name of a role to use for this token. May be specified multiple times.
* `-service-identity=<value>` - Name of a service identity to use for this
token. May be specified multiple times. Format is the `SERVICENAME` or
`SERVICENAME:DATACENTER1,DATACENTER2,...`
* `-secret=<string>` - Create the token with this Secret ID. It must be a UUID. If not
specified one will be auto-generated.
**Note**: The SecretID is used to authorize operations against Consul and should
be generated from an appropriate cryptographic source.
## Examples
Create a new token:
```sh
$ consul acl token create -description "Read Nodes and Services" -policy-id 06acc965
AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d
SecretID: ec15675e-2999-d789-832e-8c4794daa8d7
Description: Read Nodes and Services
Local: false
Create Time: 2018-10-22 15:33:39.01789 -0400 EDT
Policies:
06acc965-df4b-5a99-58cb-3250930c6324 - node-services-read
```
Create a new local token:
```sh
$ consul acl token create -description "Read Nodes and Services" -policy-id 06acc965 -local
AccessorID: 4fdf0ec8-d251-3865-079c-7247c974fc50
SecretID: 02143514-abf2-6c23-0aa1-ec2107e68f6b
Description: Read Nodes and Services
Local: true
Create Time: 2018-10-22 15:34:19.330265 -0400 EDT
Policies:
06acc965-df4b-5a99-58cb-3250930c6324 - node-services-read
```
Create a new token and link with policies by name:
```sh
$ consul acl token create -description "Super User" -policy-name global-management
AccessorID: 59f86a9b-d3b6-166c-32a0-be4ab3f94caa
SecretID: ada7f751-f654-8872-7f93-498e799158b6
Description: Super User
Local: false
Create Time: 2018-10-22 15:35:28.787003 -0400 EDT
Policies:
00000000-0000-0000-0000-000000000001 - global-management
```
Create a new token with one service identity that expires in 15 minutes:
```sh
$ consul acl token create -description 'crawler token' -service-identity 'crawler' -expires-ttl '15m'
AccessorID: 0c083aca-6c15-f0cc-c4d9-30578db54cd9
SecretID: 930dafb6-5c08-040b-23fb-a368a95256f9
Description: crawler token
Local: false
Create Time: 2019-04-25 16:45:49.337687334 -0500 CDT
Expiration Time: 2019-04-25 17:00:49.337687334 -0500 CDT
Service Identities:
crawler (Datacenters: all)
```