Consul security
This topic describes the security requirements and recommendations for a Consul deployment.
Security Models
Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your intended workloads, operating system, and environment. You can find detailed information about the various personas, recommendations, requirements, and threats in the Security Models section.
ACLs
Consul provides an optional Access Control List (ACL) system that you can use to control access to data and APIs.
Encryption
The Consul agent supports encryption for all of its network traffic. There are two separate encryption systems:
- A gossip encryption system
- An mTLS encryption system for HTTP and RPC
For more information about these two different encryption systems, as well as configuration guidance, refer to Consul encryption.