I am using Consul 1.7.2 with ACL enabled. When I login to Consul UI i notice that the master token is persisted in clear-text in the local storage (key: consul:token) of the browser and survives also restarts of the browser application. The “enable_token_persistence” flag settings seems not have any impact on that behavior.
I would like to have the the token removed after I close the browser session (what would be the case when using session storage instead). Is there a way to avoid the persistence of the token in the browser storage?
1 Like