From 19d07c1c4f6a7c1829b1f6446cdf4b3f567c0e11 Mon Sep 17 00:00:00 2001 From: Valina Li Date: Tue, 23 Aug 2022 09:11:03 -0700 Subject: [PATCH] docs: add management token (#844) close #3158 Signed-off-by: Valina Li Signed-off-by: Valina Li --- docs_src/security/Ch-Secure-Consul.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs_src/security/Ch-Secure-Consul.md b/docs_src/security/Ch-Secure-Consul.md index ba03e29d7e..8690e6e9f0 100644 --- a/docs_src/security/Ch-Secure-Consul.md +++ b/docs_src/security/Ch-Secure-Consul.md @@ -53,6 +53,10 @@ via Consul's sub-command: `consul acl set-agent-token agent` or Consul's HTTP AP This agent token provides the identity for Consul service itself and access control for any agent-based API calls from client and thus provides better security. +The management token provides the identity for Consul service itself and access control for remote configuration +from client and thus provides better security. It's created and stored onto the pre-configured folder under +`/tmp/edgex/secrets/consul-acl-token`. + `security-bootstrapper` service also uses Consul's bootstrap token to generate Vault's role based from Consul Secrets Engine API `/consul/role/` for all internal default EdgeX services and add-on services via environment variable `ADD_REGISTRY_ACL_ROLES`. Please see more details @@ -78,7 +82,7 @@ $ make get-consul-acl-token ef4a0580-d200-32bf-17ba-ba78e3a546e7 ``` -This output token is Consul's ACL bootstrap token and thus one can use it to login and access +This output token is Consul's ACL management token and thus one can use it to login and access Consul service's features from Consul's GUI on http://localhost:8500/ui. From the upper right-hand corner of Consul's GUI or the "Log in" button in the center,
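Review bot: In the first hunk (`@@ -53,6 +53,10 @@`), the new paragraph describes the management token with nearly the same sentence as the agent token paragraph just above it ("provides the identity for Consul service itself ... and thus provides better security"), so a reader cannot tell what distinguishes the two. Suggest dropping the "identity for Consul service itself" clause and saying only what this token is for (access control for remote configuration from clients). The location sentence is also ambiguous: "stored onto the pre-configured folder under `/tmp/edgex/secrets/consul-acl-token`" does not say whether that path is the folder or a parent of it, which service creates the token, or what the file is called. Since this is a credential written under `/tmp`, the docs should also say which services are expected to read it. Wording nit: "stored onto" should be "stored in".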
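Review bot: In the second hunk (`@@ -78,7 +82,7 @@`), renaming "bootstrap token" to "management token" leaves the page inconsistent: the unchanged context in the first hunk still reads "`security-bootstrapper` service also uses Consul's bootstrap token", and nothing in the patch says how the two tokens relate. Either add a sentence stating whether the management token printed by `make get-consul-acl-token` is distinct from the bootstrap token, or update the remaining "bootstrap token" references so the page uses the same term throughout. Since this line is being touched anyway, "use it to login" should read "use it to log in".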