From 073ff32900553bbffa755e87ff632f160666d41c Mon Sep 17 00:00:00 2001
From: skarsol
Date: Wed, 14 Aug 2019 09:19:14 -0500
Subject: [PATCH] Add section for consul 1.4+ (#6366)
---
 .../operations/deployment-guide.html.md | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/website/source/guides/operations/deployment-guide.html.md b/website/source/guides/operations/deployment-guide.html.md
index 6f409778a..79d3693d6 100644
--- a/website/source/guides/operations/deployment-guide.html.md
+++ b/website/source/guides/operations/deployment-guide.html.md
@@ -162,6 +162,8 @@ Vault requires a Consul token with specific policy to limit the requests Vault c
 On a host running a Consul agent, and using a Consul management token, create a Consul client token with specific policy for Vault:
+### Consul < 1.4
+
 ```text
 CONSUL_TOKEN="6609e426-1aeb-4b0d-c302-3a7568fbc1f9"
 curl \
@@ -171,10 +173,27 @@ curl \
 '{
 "Name": "Vault Token",
 "Type": "client",
- "Rules": "node \"\" { policy = \"write\" } service \"vault\" { policy = \"write\" } agent \"\" { policy = \"write\" } key \"vault\" { policy = \"write\" } session \"\" { policy = \"write\" } "
+ "Rules": "node \"\" { policy = \"write\" } service \"vault\" { policy = \"write\" } agent \"\" { policy = \"write\" } key \"vault/\" { policy = \"write\" } session \"\" { policy = \"write\" } "
 }' http://127.0.0.1:8500/v1/acl/create
 ```
+### Consul >= 1.4
+
+```text
+CONSUL_TOKEN="6609e426-1aeb-4b0d-c302-3a7568fbc1f9"
+curl \
+ --request PUT \
+ --header "X-Consul-Token: ${CONSUL_TOKEN}" \
+ --data \
+'{
+ "Name": "Vault Token",
+ "Type": "client",
+ "Rules": "node_prefix \"\" { policy = \"write\" } service \"vault\" { policy = \"write\" } agent_prefix \"\" { policy = \"write\" } key_prefix \"vault/\" { policy = \"write\" } session_prefix \"\" { policy = \"write\" } "
+}' http://127.0.0.1:8500/v1/acl/create
+```
+
+
+
 The response includes the value you will use as the `token` parameter value in Vault's storage stanza configuration. An example response:
 ```json