2014-02-08 00:41:03 +00:00
|
|
|
---
|
2020-04-07 18:55:19 +00:00
|
|
|
layout: docs
|
2020-09-01 15:14:13 +00:00
|
|
|
page_title: Security
|
|
|
|
sidebar_title: Security
|
2020-04-07 18:55:19 +00:00
|
|
|
description: >-
|
|
|
|
Consul relies on both a lightweight gossip mechanism and an RPC system to
|
|
|
|
provide various features. Both of the systems have different security
|
|
|
|
mechanisms that stem from their designs. However, the security mechanisms of
|
|
|
|
Consul have a common goal: to provide confidentiality, integrity, and
|
|
|
|
authentication.
|
2014-02-08 00:41:03 +00:00
|
|
|
---
|
|
|
|
|
2020-11-04 22:05:44 +00:00
|
|
|
## Security Models
|
2014-02-08 00:41:03 +00:00
|
|
|
|
2020-11-05 16:13:14 +00:00
|
|
|
Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
|
2020-11-04 22:05:44 +00:00
|
|
|
intended workloads, operating system, and environment. You can find detailed information about the various personas,
|
2020-11-05 16:13:14 +00:00
|
|
|
recommendations, requirements, and threats [here](/docs/security/security-models).
|
2014-02-08 00:41:03 +00:00
|
|
|
|
2020-11-04 22:05:44 +00:00
|
|
|
## ACLs
|
2014-02-20 20:26:50 +00:00
|
|
|
|
2020-11-04 22:05:44 +00:00
|
|
|
Consul provides an optional [Access Control List (ACL) system](/docs/security/acl) which can be used to control access
|
|
|
|
to data and APIs.
|
2014-02-20 20:26:50 +00:00
|
|
|
|
2020-11-04 22:05:44 +00:00
|
|
|
## Encryption
|
2014-02-08 00:41:03 +00:00
|
|
|
|
2020-11-04 22:05:44 +00:00
|
|
|
The Consul agent supports encrypting all of its network traffic. The exact method of encryption is described on the
|
|
|
|
[encryption security page](/docs/security/encryption). There are two separate encryption systems, one for gossip
|
|
|
|
traffic and one for HTTP + RPC.
|