Clarification - What is acl_api_token?

[spuder]

In the readme it says $acl_api_token can either be the boostrap token, or a dedicated token.

Here is an example to automatically create a policy and token for each host. For development environments acl_api_token can be the bootstrap token. For production it should be a dedicated token with access to write/read from the acls.

Can you provide an example of what an acl token with write/read to the acl's would look like?

I've created the following:

A 'Policy' named 'foo' with acl write permissions

  acl = "write"

A 'Token' named 'bar' with applied Policy 'foo' granting acl write permissions

I then take the secret ID of the Token 'bar', and apply it to the puppet variable $acl_api_token

However I find that puppet is unable to create policies and tokens.

[bmx0r]

see: https://learn.hashicorp.com/consul/day-0/acl-guide
You can use the bootstrap token in step2 (Super admin token of consul) or you could create one token yourself taht will include a specific policy for "puppet" to limit what puppet can manage