--- layout: docs page_title: acl Stanza - Agent Configuration description: >- The "acl" stanza configures the Nomad agent to enable ACLs and tune various parameters. --- # `acl` Stanza The `acl` stanza configures the Nomad agent to enable ACLs and tunes various ACL parameters. Learn more about configuring Nomad's ACL system in the [Secure Nomad with Access Control guide][secure-guide]. ```hcl acl { enabled = true token_ttl = "30s" policy_ttl = "60s" } ``` ## `acl` Parameters - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other ACL configuration options depend on this value. - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for cached ACL tokens. This does not affect servers, since they do not cache tokens. Setting this value lower reduces how stale a token can be, but increases the request load against servers. If a client cannot reach a server, for example because of an outage, the TTL will be ignored and the cached value used. - `policy_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for cached ACL policies. This does not affect servers, since they do not cache policies. Setting this value lower reduces how stale a policy can be, but increases the request load against servers. If a client cannot reach a server, for example because of an outage, the TTL will be ignored and the cached value used. - `replication_token` `(string: "")` - Specifies the Secret ID of the ACL token to use for replicating policies and tokens. This is used by servers in non-authoritative region to mirror the policies and tokens into the local region from [authoritative_region][authoritative-region]. [secure-guide]: https://learn.hashicorp.com/collections/nomad/access-control [authoritative-region]: /docs/configuration/server#authoritative_region