|
|
|
|
@ -163,8 +163,8 @@ environment and adapt these configurations accordingly.
|
|
|
|
|
- **Gossip Encryption** - A shared, base64-encoded 32-byte symmetric key is required to [encrypt Serf gossip |
|
|
|
|
communication](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure) within a cluster using |
|
|
|
|
AES GCM. The key size determines which AES encryption types to use; 16, 24, or 32 bytes to select AES-128, AES-192, |
|
|
|
|
or AES-256 respectively. 32-byte keys are ultimately preferable and is the default size generated by the `keygen` |
|
|
|
|
command. This key should be |
|
|
|
|
or AES-256 respectively. 32-byte keys are ultimately preferable and is the default size generated by the |
|
|
|
|
[`keygen`](/commands/keygen) command. This key should be |
|
|
|
|
[regularly rotated](https://support.hashicorp.com/hc/en-us/articles/360044051754-Consul-Gossip-Key-Rotation) using |
|
|
|
|
the builtin [keyring management](/commands/keyring) features of Consul. |
|
|
|
|
|
|
|
|
|
|
Kent 'picat' Gruber
4 years ago