Is possible to set a ACL token just for view the web UI?

Currently, I log in to the web UI with my global management token, which may not be safe. Is there any that I can set up an ACL token that can be used to view the web UI only?

Thanks
Yuxuan

Hi @cheyuxuanll,

Consul does not provide a way to create an ACL token that only works for the UI, but does not work for the API. The UI is a client-side web application that queries the HTTP API to retrieve and display resources.

You can create a policy with read-only permissions so that it can view services and nodes in Consul the UI, but not the ability to make changes to those resources via the CLI or API.

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "read"
}

If you want to grant this token access to view the KV store, you will also need key:read permission.

key_prefix "" {
  policy = "read"
}

See https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#consul-ui-token for more information.