Consul keyring -list error

Hello guys, I am trying to list the keys using consul keyring -list and I’m encountering a blocker. This is the error:

root@ip-172-31-20-245:/etc/consul.d# consul keyring -list
==> Gathering installed encryption keys...
error: Unexpected response code: 500 (Reading keyring denied by ACLs)

What could I be doing wrong?

Hi @Lishenga,

Looks like you have ACLs enabled on your Consul cluster and either you don’t have a token set for the Consul CLI or the token you are using isn’t authorized to query keyrings.

You should have a token with a policy of keyring = read for you to successfully query the keyring in an ACL-enabled cluster (ref: Keyring - Operator - HTTP API | Consul | HashiCorp Developer).

Once you have the token created with the necessary policy, you can pass it to the command line as shown below, or alternatively set the CONSUL_HTTP_TOKEN environment variable:

$ consul keyring -list -token <token-uuid>

NOTE: You could also use the master token for this if you have access to it.

2 Likes
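The steps from the answer above, as an added example that is not part of the original thread: create a policy containing only keyring = "read", issue a token bound to it, and run the listing with that token supplied through CONSUL_HTTP_TOKEN so it does not appear in the process list or shell history. The policy name, file name and function names are assumptions, and the shell is assumed to already hold a CONSUL_HTTP_TOKEN that is allowed to write ACLs when the token is created.

```shell
#!/bin/sh
# Added example: a token limited to reading the keyring, for `consul keyring -list`.
# Assumed (hypothetical) names: policy "keyring-read", file ./keyring-read.hcl.

POLICY_NAME="keyring-read"

# Write the single ACL rule the answer refers to; prints the file path.
write_keyring_policy() (
    file="${1:-./keyring-read.hcl}"
    printf 'keyring = "read"\n' > "$file" || exit 1
    printf '%s\n' "$file"
)

# Pull the SecretID value out of `consul acl token create` output on stdin.
extract_secret_id() {
    awk '$1 == "SecretID:" { print $2; exit }'
}

# Create the policy and a token attached to it; prints the new SecretID.
# Needs CONSUL_HTTP_TOKEN set to a token with ACL write permission.
create_keyring_token() (
    file="$(write_keyring_policy "$1")" || exit 1
    consul acl policy create -name "$POLICY_NAME" \
        -description "Read-only access to the gossip keyring" \
        -rules @"$file" >/dev/null || exit 1
    consul acl token create -description "keyring list only" \
        -policy-name "$POLICY_NAME" | extract_secret_id
)

# Run the listing with the scoped token, set only for this one command.
list_keyring_as() {
    CONSUL_HTTP_TOKEN="$1" consul keyring -list
}

# Usage, after sourcing this file:
#   token="$(create_keyring_token)"
#   list_keyring_as "$token"
```

If the listing still returns "Reading keyring denied by ACLs" with this token, `consul acl token read -self` shows which policies the token in use actually carries.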