Skip to content
Latchkey

consul kv get: Usage, Options & Common CI Errors

Read configuration values from Consul’s distributed key/value store.

consul kv get reads keys from Consul’s KV store. In CI you fetch a single value or a whole prefix for application configuration, authenticating with an ACL token when ACLs are enabled.

What it does

consul kv get <key> prints the value at a key. With -recurse it returns all keys under a prefix; with -keys it lists key names only; with -detailed it includes metadata like the ModifyIndex. It talks to the local agent at CONSUL_HTTP_ADDR (default 127.0.0.1:8500).

Common usage

Terminal
# Read a single key
consul kv get app/config/db_host

# Read every key under a prefix
consul kv get -recurse app/config/

# List key names only under a prefix
consul kv get -keys app/

Common error in CI: connection refused / permission denied

kv get fails with "Error querying Consul agent: ... connection refused" (no agent reachable) or "Permission denied" (ACLs enabled, no/insufficient token). Fix: set CONSUL_HTTP_ADDR to a reachable agent/server and, when ACLs are on, export CONSUL_HTTP_TOKEN with a policy granting read on the key prefix. In CI without a local agent, point CONSUL_HTTP_ADDR at a server endpoint and use CONSUL_HTTP_SSL/TLS env vars if the endpoint is https.

Key options

OptionPurpose
-recurseReturn all keys under a prefix
-keysList key names only
-detailedInclude metadata (indexes, flags)
-rawPrint the raw value only

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →