github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/website/pages/docs/configuration/acl.mdx (about) 1 --- 2 layout: docs 3 page_title: acl Stanza - Agent Configuration 4 sidebar_title: acl 5 description: >- 6 The "acl" stanza configures the Nomad agent to enable ACLs and tune various 7 parameters. 8 --- 9 10 # `acl` Stanza 11 12 <Placement groups={['acl']} /> 13 14 The `acl` stanza configures the Nomad agent to enable ACLs and tunes various 15 ACL parameters. Learn more about configuring Nomad's ACL system in the [Secure 16 Nomad with Access Control guide][secure-guide]. 17 18 ```hcl 19 acl { 20 enabled = true 21 token_ttl = "30s" 22 policy_ttl = "60s" 23 } 24 ``` 25 26 ## `acl` Parameters 27 28 - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other 29 client configuration options depend on this value. 30 31 - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for 32 cached ACL tokens. This does not affect servers, since they do not cache tokens. 33 Setting this value lower reduces how stale a token can be, but increases 34 the request load against servers. If a client cannot reach a server, for example 35 because of an outage, the TTL will be ignored and the cached value used. 36 37 - `policy_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for 38 cached ACL policies. This does not affect servers, since they do not cache policies. 39 Setting this value lower reduces how stale a policy can be, but increases 40 the request load against servers. If a client cannot reach a server, for example 41 because of an outage, the TTL will be ignored and the cached value used. 42 43 - `replication_token` `(string: "")` - Specifies the Secret ID of the ACL token 44 to use for replicating policies and tokens. This is used by servers in non-authoritative 45 region to mirror the policies and tokens into the local region. 46 47 [secure-guide]: https://learn.hashicorp.com/nomad/acls/fundamentals