consul kv get: Usage, Options & Common CI Errors
Read configuration values from Consul’s distributed key/value store.
consul kv get reads keys from Consul’s KV store. In CI you fetch a single value or a whole prefix for application configuration, authenticating with an ACL token when ACLs are enabled.
What it does
consul kv get <key> prints the value at a key. With -recurse it returns all keys under a prefix; with -keys it lists key names only; with -detailed it includes metadata like the ModifyIndex. It talks to the local agent at CONSUL_HTTP_ADDR (default 127.0.0.1:8500).
Common usage
# Read a single key
consul kv get app/config/db_host
# Read every key under a prefix
consul kv get -recurse app/config/
# List key names only under a prefix
consul kv get -keys app/Common error in CI: connection refused / permission denied
kv get fails with "Error querying Consul agent: ... connection refused" (no agent reachable) or "Permission denied" (ACLs enabled, no/insufficient token). Fix: set CONSUL_HTTP_ADDR to a reachable agent/server and, when ACLs are on, export CONSUL_HTTP_TOKEN with a policy granting read on the key prefix. In CI without a local agent, point CONSUL_HTTP_ADDR at a server endpoint and use CONSUL_HTTP_SSL/TLS env vars if the endpoint is https.
Key options
| Option | Purpose |
|---|---|
| -recurse | Return all keys under a prefix |
| -keys | List key names only |
| -detailed | Include metadata (indexes, flags) |
| -raw | Print the raw value only |