acl = {
  enabled = true
  default_policy = "allow"
  enable_token_persistence = true
}