Consul keyring -list error

Hello guys, am trying to list the keys using consul keyring -list and i’m encountering a blocker. This is the error.

root@ip-172-31-20-245:/etc/consul.d# consul keyring -list
==> Gathering installed encryption keys...
error: Unexpected response code: 500 (Reading keyring denied by ACLs)

What could i be doing wrong?

Hi @Lishenga,

Looks like you have ACLs enabled on your Consul cluster and either you don’t have a token set for the Consul CLI or the token you are using isn’t authorized to query keyrings.

You should have a token with a policy of keyring = read for you to successfully query keyring in an ACL enabled cluster (ref: Keyring - Operator - HTTP API | Consul by HashiCorp)

Once you have the token created with the necessary policy, you can pass it to the command line as shown below, or alternatively set CONSUL_HTTP_TOKEN environment variable:

$ consul keyring -list -token <token-uuid>

NOTE: You could also use the master token for this if you have access to it.

1 Like