consul/website/content/docs/security/index.mdx

---
layout: docs
page_title: Security - Overview
description: >-
  Security requirements and recommendations for Consul vary depending on workloads and environments. Learn how ACLs and encryption can protect access to and communication within your datacenter.
---

# Consul security

This topic describes the security requirements and recommendations for a Consul deployment.

## Security Models

Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
intended workloads, operating system, and environment. You can find detailed information about the various personas,
recommendations, requirements, and threats in the [Security Models](/consul/docs/security/security-models) section.

## ACLs

Consul provides an optional [Access Control List (ACL) system](/consul/docs/security/acl) which can be used to control access
to data and APIs.

## Encryption

The Consul agent supports encryption for all of its network traffic. There are two separate encryption systems:

- A gossip encryption system
- An mTLS encryption system for HTTP and RPC

For more information about these two different encryption systems, as well as configuration guidance, refer to [Consul encryption](/consul/docs/security/encryption).
website: bulk copy from serf 2014-02-08 00:41:03 +00:00			`---`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`layout: docs`
Spacing and title fixes 2022-09-16 15:28:32 +00:00			`page_title: Security - Overview`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`description: >-`
Spacing and title fixes 2022-09-16 15:28:32 +00:00			`Security requirements and recommendations for Consul vary depending on workloads and environments. Learn how ACLs and encryption can protect access to and communication within your datacenter.`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00			`---`

CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509) * New proposed structure * Fix structure and add some content * Fix structure and add some content * Fix structure and add some content * Add content * Add content * mtls steps * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * spacing fixes * Replace <CodeTabs> * <CodeBlockConfig> alignment * indent fixes * spacing * More Code tabs fixes * Structure chenges * Structure chenges * Extra content and CE-713 migration * Extra content * Extra content * Extra content * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review * Test CodeTabs * Test CodeTabs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2024-09-19 09:20:44 +00:00			`# Consul security`

			`This topic describes the security requirements and recommendations for a Consul deployment.`

Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## Security Models`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
maintenance complete, pending markdown-page component addition 2020-12-08 23:24:36 +00:00			`Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your`
			`intended workloads, operating system, and environment. You can find detailed information about the various personas,`
CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509) * New proposed structure * Fix structure and add some content * Fix structure and add some content * Fix structure and add some content * Add content * Add content * mtls steps * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * spacing fixes * Replace <CodeTabs> * <CodeBlockConfig> alignment * indent fixes * spacing * More Code tabs fixes * Structure chenges * Structure chenges * Extra content and CE-713 migration * Extra content * Extra content * Extra content * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review * Test CodeTabs * Test CodeTabs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2024-09-19 09:20:44 +00:00			`recommendations, requirements, and threats in the [Security Models](/consul/docs/security/security-models) section.`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## ACLs`
website: documenting the internals 2014-02-20 20:26:50 +00:00
docs: Migrate link formats (#15976) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com> 2023-01-25 16:52:43 +00:00			`Consul provides an optional [Access Control List (ACL) system](/consul/docs/security/acl) which can be used to control access`
maintenance complete, pending markdown-page component addition 2020-12-08 23:24:36 +00:00			`to data and APIs.`
website: documenting the internals 2014-02-20 20:26:50 +00:00
Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## Encryption`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509) * New proposed structure * Fix structure and add some content * Fix structure and add some content * Fix structure and add some content * Add content * Add content * mtls steps * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * spacing fixes * Replace <CodeTabs> * <CodeBlockConfig> alignment * indent fixes * spacing * More Code tabs fixes * Structure chenges * Structure chenges * Extra content and CE-713 migration * Extra content * Extra content * Extra content * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review * Test CodeTabs * Test CodeTabs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> --------- Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2024-09-19 09:20:44 +00:00			`The Consul agent supports encryption for all of its network traffic. There are two separate encryption systems:`

			`- A gossip encryption system`
			`- An mTLS encryption system for HTTP and RPC`

			`For more information about these two different encryption systems, as well as configuration guidance, refer to [Consul encryption](/consul/docs/security/encryption).`