Perform a CLI request using a Token

1. Export an Environment Variable
2. Export a Token-File Environment Variable
3. Use the --token Flag
4. Use the --token-file Flag
Summary
Links and References

When interacting with HashiCorp Consul via the CLI, you must authenticate requests using an ACL token. This guide covers four primary ways to supply your token:

Method	Usage Scope	Example
Environment Variable	Entire shell session	`export CONSUL_HTTP_TOKEN=YOUR_TOKEN`
Token-File Environment Variable	Entire shell session	`export CONSUL_HTTP_TOKEN_FILE=/path/to/token.txt`
`--token` Command-Line Flag	Single command	`consul members --token YOUR_TOKEN`
`--token-file` Command-Line Flag	Single command	`consul members --token-file /path/to/token.txt`

Environment variables persist across all Consul commands in your current shell, while CLI flags apply only to the specific command where they’re used.

1. Export an Environment Variable

Supply the ACL token once per session. All subsequent Consul commands will automatically pick it up:

export CONSUL_HTTP_TOKEN=ec15675e-2999-d789-832e-8c4794daa8d7
consul members   # Uses token from $CONSUL_HTTP_TOKEN

Storing tokens as environment variables is convenient, but ensure your shell history is secured to prevent accidental leakage.

2. Export a Token-File Environment Variable

If you prefer keeping tokens out of your shell history, you can point to a file that contains the token:

export CONSUL_HTTP_TOKEN_FILE=/etc/consul/token.txt
consul members   # Reads the token from /etc/consul/token.txt

Validate that the file has restrictive permissions (chmod 600) to protect sensitive data.

3. Use the `--token` Flag

For one-off commands, specify the token inline. This overrides any environment variable settings:

consul members --token ec15675e-2999-d789-832e-8c4794daa8d7

4. Use the `--token-file` Flag

Combine the security of a file with the precision of a per-command setting:

consul members --token-file /etc/consul/token.txt

The --token-file flag instructs Consul to read the token from the specified path, mirroring the behavior of CONSUL_HTTP_TOKEN_FILE.

Summary

When starting a new shell session, remember to re-export any environment variables. In exam or production scenarios, you may be asked to demonstrate any of these four ACL token injection techniques.

Links and References

Watch Video

Page

Demo Using Tokens with the Consul CLI

⌘I

Introduction

Explain Consul Architecture

Deploy a Single Datacenter

Register Services and Use Service Discovery

Back up and Restore

Register a Service Proxy

Secure Agent Communication

Use Gossip Encryption

Access the Consul Key Value KV

Hashi Corp Cloud Platform Consul

Secure Services with Basic AC Ls

Perform a CLI request using a Token

1. Export an Environment Variable

2. Export a Token-File Environment Variable

3. Use the `--token` Flag

4. Use the `--token-file` Flag

Summary

Links and References

Watch Video

Introduction

Explain Consul Architecture

Deploy a Single Datacenter

Register Services and Use Service Discovery

Back up and Restore

Register a Service Proxy

Secure Agent Communication

Use Gossip Encryption

Access the Consul Key Value KV

Hashi Corp Cloud Platform Consul

Secure Services with Basic AC Ls

​1. Export an Environment Variable

​2. Export a Token-File Environment Variable

​3. Use the --token Flag

​4. Use the --token-file Flag

​Summary

​Links and References

Watch Video

1. Export an Environment Variable

2. Export a Token-File Environment Variable

3. Use the `--token` Flag

4. Use the `--token-file` Flag

Summary

Links and References