Security Models

Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your intended workloads, operating system, and environment. You can find detailed information about the various personas, recommendations, requirements, and threats here.

ACLs

Consul provides an optional Access Control List (ACL) system which can be used to control access to data and APIs.

Encryption

The Consul agent supports encrypting all of its network traffic. The exact method of encryption is described on the encryption security page. There are two separate encryption systems, one for gossip traffic and one for HTTP + RPC.