Relationship between node-identity tokens and ACLs


I was wondering, is there any actual difference between node-identity tokens (to ones created with --node-identity) and a standard token that you then associate with an UCL that gives write permissions to that node? So are node-identity tokens basically just a shortcut?

Yes, node identities are basically a shortcut that allow you to create a token that has a synthetic policy that allows you to register a specific node in Consul. It saves you the step of needing to create a node-specific policy for each node in your environment before you create a token for that node with that policy assigned to it.

1 Like