Perform a UI task using a Token

This guide shows how to manage operations in the Consul UI when ACLs are enabled with a default deny-all policy. With ACL enforcement active, read-only views remain accessible, but any change—such as modifying services, nodes, or KV pairs—requires a valid ACL token.

Warning

Ensure you have the correct ACL token (Secret ID) before continuing. Without it, all management actions in the UI will be blocked.

Prerequisites

A running Consul cluster or single server with ACL enforcement enabled
Your ACL bootstrap token or another token with sufficient privileges
Access to the Consul UI (node IP, load balancer, or localhost)

Authenticating in the UI

Open the Consul UI and click the ACL tab (highlighted in yellow).
Paste your ACL Secret ID into the token field.
Click Save.

After successful authentication, two sub-tabs appear under Access Controls:

Sub-Tab	Purpose
Tokens	View default tokens (`bootstrap`, `anonymous`) and create new tokens bound to policies.
Policies	Define, edit, or delete ACL policies. Then return to Tokens to issue tokens using those policies.

Managing Tokens and Policies

The image is a tutorial on performing a UI task using a token, showing steps to enter a valid token in the Access Controls section and manage tokens and policies. It includes labeled screenshots of a user interface with instructions.

Tokens
- Click Create Token to issue a new token and bind it to one or more policies.
- Provide a name and select the policies that define its permissions.
Policies
- Click Create Policy to open the policy editor.
- Define rules using HCL syntax.
- Save the policy, then switch back to Tokens to issue tokens using your new policy.

Next Steps

Explore the Services, Nodes, and KV tabs to verify your permissions.
Automate workflows by using your token with the Consul CLI or API.

Note

For complete ACL configuration and best practices, see the Consul ACL documentation.

Watch Video

Watch video content