mirror of https://github.com/hashicorp/consul
28 lines
1.3 KiB
Plaintext
28 lines
1.3 KiB
Plaintext
|
---
|
||
|
layout: docs
|
||
|
page_title: Security Models
|
||
|
sidebar_title: Security Models
|
||
|
description: >-
|
||
|
Overview and links to various Consul security models.
|
||
|
---
|
||
|
|
||
|
## Overview
|
||
|
|
||
|
Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
|
||
|
intended workloads, operating system, and environment. Consul is not secure by default, but can be configured to satisfy
|
||
|
the security requirements for a wide-range of use cases from local developer environments without any configuration to
|
||
|
container orchestrators in-production with ACL authorization, and mTLS authentication.
|
||
|
|
||
|
### Core
|
||
|
|
||
|
The core Consul product provides several options for enabling encryption, authentication, and authorization
|
||
|
controls for a cluster. You can read more about the various personas, recommendations, requirements, and threats
|
||
|
[here](/docs/security/security-models/core).
|
||
|
|
||
|
### NIA
|
||
|
|
||
|
[Network Infrastructure Automation](/docs/nia) (NIA) enables dynamic updates to network infrastructure devices triggered
|
||
|
by service changes. Both the core Consul product's configuration and the configuration for the `consul-terraform-sync`
|
||
|
daemon used by NIA can affect the security of your deploymnet. You can read more about the various personas,
|
||
|
recommendations, requirements, and threats [here](/docs/security/security-models/nia).
|