How To Retrieve Token For Consul
Consul
Info
Consul is the default registry implementation and provides native features for service registration, service discovery, and health checking. Refer to Secure Consul - EdgeX Foundry Documentation for more detail.
Introduction
In the current EdgeX architecture, Consul is pre-wired as the default agent service for Service Configuration, Service Registry, and Service Health Check purposes.
Prior to the EdgeXpert v2.0.0 release, communication with Consul used plain HTTP calls without any access control list (ACL) token header and was therefore insecure. As of the EdgeXpert v2.0.0 release, every HTTP call must carry the ACL token header X-Consul-Token. Moreover, Consul itself is now bootstrapped and started with its ACL system enabled, which provides better authentication and authorization for services. In other words, because an ACL token is required to access Consul, assets stored in Consul, such as EdgeX's configuration items in the Key-Value (KV) store, are now better protected.
Note
Consul is no longer the default service as of Edge Xpert v2.1.0.
To start Consul, you need to use the --consul option with the edgexpert up command.
How to get Consul ACL token
Consul's access token can be obtained with the following command:
$ docker exec -it consul /bin/sh -c 'cat "$STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH" | jq -r '.SecretID' '
28b14da1-f2e9-b1fa-433f-10d1f44d3345
The token printed above is Consul's ACL bootstrap token, so it can be used to log in and access the Consul service's features from Consul's GUI at http://localhost:8500/ui.
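The same token also goes in the X-Consul-Token header described in the introduction when calling Consul's HTTP API. The Python sketch below is an added example, not Edge Xpert code: it reads the SecretID from a copy of the bootstrap token file, attaches it to a request, and decodes a KV read. The function names, the copied file path and the KV prefix passed on the command line are assumptions.

```python
import base64
import json
import re
import urllib.request

# Assumption: bootstrap SecretIDs are lowercase UUIDs, as in the sample output above.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def load_bootstrap_token(path):
    """Return the SecretID from a Consul ACL bootstrap token file (JSON)."""
    with open(path, encoding="utf-8") as fh:
        secret = json.load(fh).get("SecretID", "")
    if not UUID_RE.match(secret):
        raise ValueError("no well-formed SecretID in " + path)
    return secret


def consul_request(api_path, token, base="http://localhost:8500"):
    """Build a request that carries the ACL token in X-Consul-Token."""
    req = urllib.request.Request(base + api_path)
    req.add_header("X-Consul-Token", token)
    return req


def decode_kv(body):
    """Map each key of a /v1/kv response to its base64-decoded value."""
    return {e["Key"]: base64.b64decode(e["Value"] or "").decode("utf-8")
            for e in json.loads(body)}


def read_kv(prefix, token):
    """Read every key under prefix from a running Consul agent."""
    req = consul_request("/v1/kv/" + prefix + "?recurse=true", token)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return decode_kv(resp.read())


if __name__ == "__main__":
    import sys
    # argv[1]: bootstrap token file copied out of the container (hypothetical path)
    # argv[2]: KV prefix to list (hypothetical)
    tok = load_bootstrap_token(sys.argv[1])
    for key, value in read_kv(sys.argv[2], tok).items():
        print(key, "=", value)
```

With ACLs enabled, the same request sent without the header is rejected or returns only what the anonymous token is allowed to read.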