Consul CLI login using Consul Secrets engine token from Vault

praveenprem · January 3, 2025, 3:23pm

Hello,

I’m testing out Consul ACL with Vault integration.

I successfully integrated Consul authentication with a token generated from Vault, which works file in the UI. However, I’m unable to log in to Consul CLI using the token as I can’t find any documentation relating to Vault. Even the auth-methods#supported-types don’t list Vault as an option.

Is this not possible? If so do I need to manually create CLI token directly in the Consul server just so I can use the CLI?

Any help regarding this is appreciated as my only option at the moment is to leave the Consul server unprotected as I’m running into Coordinate update blocked by ACLs: accessorID="anonymous token" error from all client nodes.

Thanks

blake · January 3, 2025, 5:50pm

Hi @praveenprem,

If you’ve generated a Consul token via Vault, you can use it directly in the CLI client to authenticate to Consul.

$ export CONSUL_HTTP_TOKEN=<Consul token from Vault>
$ consul members
…

# or
$ consul members -token=<Consul token from Vault>

praveenprem · January 3, 2025, 6:23pm

Thanks, Blake that worked.

I was trying to us the consul login command which requires a method to be defined and that’s where I was going wrong

system · February 2, 2025, 6:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Support for service identities in Consul secrets engine Vault	1	472	October 8, 2020
Vault <> Consul secret engine and ACL token renew (?) Consul acl , vault	1	453	November 21, 2022
Vault with Consul - ACL token Vault	1	410	May 20, 2022
Support for tying Consul tokens to Consul roles via Consul Secrets Engine Vault	0	230	July 27, 2020
Creating an ACL token with "-secret" option breaks the consul security? Consul	6	838	April 7, 2023

Consul CLI login using Consul Secrets engine token from Vault

Related topics