github.com/smintz/nomad@v0.8.3/website/source/docs/agent/configuration/acl.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "acl Stanza - Agent Configuration" 4 sidebar_current: "docs-agent-configuration-acl" 5 description: |- 6 The "acl" stanza configures the Nomad agent to enable ACLs and tune various parameters. 7 --- 8 9 # `acl` Stanza 10 11 <table class="table table-bordered table-striped"> 12 <tr> 13 <th width="120">Placement</th> 14 <td> 15 <code>**acl**</code> 16 </td> 17 </tr> 18 </table> 19 20 The `acl` stanza configures the Nomad agent to enable ACLs and tunes various ACL parameters. 21 22 ```hcl 23 acl { 24 enabled = true 25 token_ttl = "30s" 26 policy_ttl = "60s" 27 } 28 ``` 29 30 ## `acl` Parameters 31 32 - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other 33 client configuration options depend on this value. 34 35 - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for 36 cached ACL tokens. This does not affect servers, since they do not cache tokens. 37 Setting this value lower reduces how stale a token can be, but increases 38 the request load against servers. If a client cannot reach a server, for example 39 because of an outage, the TTL will be ignored and the cached value used. 40 41 - `policy_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for 42 cached ACL policies. This does not affect servers, since they do not cache policies. 43 Setting this value lower reduces how stale a policy can be, but increases 44 the request load against servers. If a client cannot reach a server, for example 45 because of an outage, the TTL will be ignored and the cached value used. 46 47 - `replication_token` `(string: "")` - Specifies the Secret ID of the ACL token 48 to use for replicating policies and tokens. This is used by servers in non-authoritative 49 region to mirror the policies and tokens into the local region. 50