diff --git a/charts/consul/templates/server-acl-init-job.yaml b/charts/consul/templates/server-acl-init-job.yaml
index 04f4e2de3e..57adde0389 100644
--- a/charts/consul/templates/server-acl-init-job.yaml
+++ b/charts/consul/templates/server-acl-init-job.yaml
@@ -271,7 +271,7 @@ spec:
 {{- end }}
 {{- if .Values.controller.enabled }}
- -create-controller-token=true \
+ -controller=true \
 {{- end }}
 {{- if .Values.apiGateway.enabled }}
diff --git a/charts/consul/test/unit/server-acl-init-job.bats b/charts/consul/test/unit/server-acl-init-job.bats
index 5cbd5a7b8f..fcb997cf16 100644
--- a/charts/consul/test/unit/server-acl-init-job.bats
+++ b/charts/consul/test/unit/server-acl-init-job.bats
@@ -1763,24 +1763,24 @@ load _helpers
 #--------------------------------------------------------------------
 # controller
-@test "serverACLInit/Job: -create-controller-token not set by default" {
+@test "serverACLInit/Job: -controller not set by default" {
 cd `chart_dir`
 local actual=$(helm template \
 -s templates/server-acl-init-job.yaml \
 --set 'global.acls.manageSystemACLs=true' \
 . | tee /dev/stderr |
- yq '.spec.template.spec.containers[0].command | any(contains("create-controller-token"))' | tee /dev/stderr)
+ yq '.spec.template.spec.containers[0].command | any(contains("controller"))' | tee /dev/stderr)
 [ "${actual}" = "false" ]
 }
-@test "serverACLInit/Job: -create-controller-token set when controller.enabled=true" {
+@test "serverACLInit/Job: -controller set when controller.enabled=true" {
 cd `chart_dir`
 local actual=$(helm template \
 -s templates/server-acl-init-job.yaml \
 --set 'global.acls.manageSystemACLs=true' \
 --set 'controller.enabled=true' \
 . | tee /dev/stderr |
- yq '.spec.template.spec.containers[0].command | any(contains("create-controller-token"))' | tee /dev/stderr)
+ yq '.spec.template.spec.containers[0].command | any(contains("controller"))' | tee /dev/stderr)
 [ "${actual}" = "true" ]
 }
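Review bot: `any(contains("controller"))` in both bats tests matches far more than the flag under test, because it is true for any command element that merely contains the word "controller". The `controller.enabled=true` test can therefore pass without `-controller=true` being rendered, and the default test can start failing if another flag, image or resource name in the command ever includes that word. Matching the rendered flag instead, `any(contains("-controller=true"))`, keeps both assertions tied to the template line this commit changes. The job's flag help describes it as configuring ACLs for the controller, so a false pass here could hide a missing ACL setup until deploy time.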
diff --git a/control-plane/subcommand/server-acl-init/command.go b/control-plane/subcommand/server-acl-init/command.go
index b98a84e859..361fdeccd8 100644
--- a/control-plane/subcommand/server-acl-init/command.go
+++ b/control-plane/subcommand/server-acl-init/command.go
@@ -49,7 +49,7 @@ type Command struct {
 flagAuthMethodHost string
 flagBindingRuleSelector string
- flagCreateControllerPoliciesAndBindings bool
+ flagController bool
 flagCreateEntLicenseToken bool
@@ -140,8 +140,8 @@ func (c *Command) init() {
 c.flags.StringVar(&c.flagBindingRuleSelector, "acl-binding-rule-selector", "",
 "Selector string for connectInject ACL Binding Rule.")
- c.flags.BoolVar(&c.flagCreateControllerPoliciesAndBindings, "create-controller-token", false,
- "Toggle for creating acl policies and rolebindings for the controller.")
+ c.flags.BoolVar(&c.flagController, "controller", false,
+ "Toggle for configuring ACLs for the controller.")
 c.flags.BoolVar(&c.flagCreateEntLicenseToken, "create-enterprise-license-token", false,
 "Toggle for creating a token for the enterprise license job.")
@@ -727,7 +727,7 @@ func (c *Command) Run(args []string) int {
 }
 }
- if c.flagCreateControllerPoliciesAndBindings {
+ if c.flagController {
 rules, err := c.controllerRules()
 if err != nil {
 c.log.Error("Error templating controller token rules", "err", err)
diff --git a/control-plane/subcommand/server-acl-init/command_ent_test.go b/control-plane/subcommand/server-acl-init/command_ent_test.go
index a7e3f71e51..24f76a61e9 100644
--- a/control-plane/subcommand/server-acl-init/command_ent_test.go
+++ b/control-plane/subcommand/server-acl-init/command_ent_test.go
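Review bot: The `init()` hunk removes `-create-controller-token` outright, so an invocation that still passes the old name (an older chart rendered against a newer control-plane image, for example) would presumably be rejected as an unknown flag, and the job would fail before any controller ACLs are configured. If that version skew is possible, keep the old name as a deprecated alias bound to the same field: `c.flags.BoolVar(&c.flagController, "create-controller-token", false, "Deprecated: use -controller.")`. The new help text is also vaguer than the one it replaces; wording such as `"Toggle for creating the ACL policy and role used by the controller."` tells an operator what the flag provisions. Both `init()` and `Run()` continue outside the hunks shown.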
@@ -295,7 +295,7 @@ func TestRun_ACLPolicyUpdates(t *testing.T) {
 "-ingress-gateway-name=anothergw",
 "-terminating-gateway-name=gw",
 "-terminating-gateway-name=anothergw",
- "-create-controller-token",
+ "-controller",
 }
 // Our second run, we're going to update from partitions and namespaces disabled to
 // namespaces enabled with a single destination ns and partitions enabled.
diff --git a/control-plane/subcommand/server-acl-init/command_test.go b/control-plane/subcommand/server-acl-init/command_test.go
index 50dd929fe9..cabcf48368 100644
--- a/control-plane/subcommand/server-acl-init/command_test.go
+++ b/control-plane/subcommand/server-acl-init/command_test.go
@@ -2147,7 +2147,7 @@ func TestRun_PoliciesAndBindingRulesForACLLogin_PrimaryDatacenter(t *testing.T)
 }{
 {
 TestName: "Controller",
- TokenFlags: []string{"-create-controller-token"},
+ TokenFlags: []string{"-controller"},
 PolicyNames: []string{"controller-policy"},
 Roles: []string{resourcePrefix + "-controller-acl-role"},
 },
@@ -2255,7 +2255,7 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) {
 }{
 {
 TestName: "Controller",
- TokenFlags: []string{"-create-controller-token"},
+ TokenFlags: []string{"-controller"},
 PolicyNames: []string{"controller-policy-" + secondaryDatacenter},
 Roles: []string{resourcePrefix + "-controller-acl-role-" + secondaryDatacenter},
 GlobalAuthMethod: true,
@@ -2365,7 +2365,7 @@ func TestRun_ValidateLoginToken_PrimaryDatacenter(t *testing.T) {
 }{
 {
 ComponentName: "controller",
- TokenFlags: []string{"-create-controller-token"},
+ TokenFlags: []string{"-controller"},
 Roles: []string{resourcePrefix + "-controller-acl-role"},
 GlobalToken: false,
 },
@@ -2456,7 +2456,7 @@ func TestRun_ValidateLoginToken_SecondaryDatacenter(t *testing.T) {
 }{
 {
 ComponentName: "controller",
- TokenFlags: []string{"-create-controller-token"},
+ TokenFlags: []string{"-controller"},
 Roles: []string{resourcePrefix + "-controller-acl-role-dc2"},
 GlobalAuthMethod: true,
 GlobalToken: true,