Skip to content
Soren L. Hansen edited this page Jan 11, 2026 · 2 revisions

ACL

Roles

Name Description Policies
consul-agent Consul Agent "agent" token role (none, as of yet)
consul-default Consul Agent "default" token role [
all-node-read,
all-service-read
]
consul-registration Consul Agent "config_file_service_registration" token role (none, as of yet)
consul-replication Consul Agent "replication" token role (none, as of yet)
nomad-workload [
all-agent-read,
global-session,
nomad-workload
]

Policies

Name Description Rules
acl-write acl = "write"
all-agent-read agent:all:read agent_prefix "" {
policy = "read"
}
all-key-read key_prefix "" {
policy = "read"
}
all-node-read node:all:read node_prefix "" {
policy = "read"
}
all-service-read service:all:read service_prefix "" {
policy = "read"
}
consul-api node_prefix "consul-api-" {
policy = "write"
}
global-session Allow creating a session on any node session_prefix "" {
policy = "write"
}
nomad-client Nomad Client Policy agent_prefix "" {
policy = "read"
}

node_prefix "" {
policy = "read"
}

service_prefix "" {
policy = "write"
}

key_prefix "" {
policy = "read"
}
nomad-server Nomad Server Policy agent_prefix "" {
policy = "read"
}

node_prefix "" {
policy = "read"
}

service_prefix "" {
policy = "write"
}

acl = "write"
nomad-workload Common Nomad workload policy key "autohostpattern" {
policy = "read"
}

Clone this wiki locally