Tutorial
Secure Consul agent communication with TLS encryption
This tutorial will provide you with a production-ready TLS configuration for RPC and consensus communication.
Use case
Enforce zero trust networking with Consul
Consul is a core component of HashiCorp's zero trust security solution. Consul enforces zero trust by using identity-based access to ensure all communication within the service mesh is authenticated with TLS certificates and encrypted in transit.
Challenge
Security within network
In traditional security strategies, protection was primarily focused on the perimeter of a network. In cloud environments, the surface area for network access is much wider than the traditional on-premises networks. In addition, traditional security practices overlook the fact that many bad actors can originate from within the network walls. Zero trust security practices are now required to ensure both external and internal communications are authenticated and encrypted.
Solution
Security and governance
Consul enforces zero trust security between all services within the service mesh. Consul supports a built-in certificate authority (CA), Vault, and AWS PCA to automatically generate and rotate TLS certificates used to authenticate and encrypt communication. This helps to increase the adoption of a zero trust security model. Consul's service intentions provide control to developers to ensure only the specified services are allowed to communicate. Consul also supports Vault to centralize certificate and secrets management.
Tutorials
Explore all
Tutorial
Generate mTLS certificates for Consul with Vault
Learn how to secure your Consul datacenter with mTLS using Vault's PKI secrets engine to create both a root and intermediate CA.
Tutorial
Vault as Consul service mesh certification authority
Learn how to configure your Consul datacenter to use Vault as the service mesh CA for new and existing datacenters.
Docs
Explore all
Documentation
Consul encryption
The Consul agent supports encrypting all of its network traffic. There are two encryption systems, one for gossip traffic and one for RPC.
Documentation
ACL documentation and guides
Consul uses access control lists (ACLs) to secure the UI, API, CLI, service communications, and agent communications.
Documentation
Network infrastructure automation
Network infrastructure automation (NIA) enables dynamic updates to network infrastructure devices triggered by service changes.
Introduction to HashiCorp Consul
HashiCorp Co-Founder and CTO Armon Dadgar gives a whiteboard overview of HashiCorp Consul, a service networking solution to connect, configure, and secure services in dynamic infrastructure.