diff --git a/website/content/docs/integrations/consul/acl.mdx b/website/content/docs/integrations/consul/acl.mdx index 5b474134b..7db0abac2 100644 --- a/website/content/docs/integrations/consul/acl.mdx +++ b/website/content/docs/integrations/consul/acl.mdx @@ -109,7 +109,10 @@ Nomad uses to sign workload identities. With these keys, Consul is able to validate their origin and confirm that they were actually created by Nomad. Nomad cannot recreate Consul tokens that have been deleted. The auth method -configuration should never set the `MaxTokenTTL` field. +configuration should never set the `MaxTokenTTL` field. Consul tokens are +local to the Consul datacenter unless you set `TokenLocality: "global"` in the +auth method. We recommend using local tokens, which is the default. Global tokens +require that the primary Consul datacenter is available when allocations start.