Currently, I log in to the web UI with my global management token, which may not be safe. Is there any that I can set up an ACL token that can be used to view the web UI only?
Thanks
Yuxuan
Hi @cheyuxuanll,
Consul does not provide a way to create an ACL token that only works for the UI, but does not work for the API. The UI is a client-side web application that queries the HTTP API to retrieve and display resources.
You can create a policy with read-only permissions so that it can view services and nodes in Consul the UI, but not the ability to make changes to those resources via the CLI or API.
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "read"
}
If you want to grant this token access to view the KV store, you will also need key:read permission.
key_prefix "" {
policy = "read"
}
See https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#consul-ui-token for more information.