From facd48b4866a4a98971e1f2a2b4e473890bc74a3 Mon Sep 17 00:00:00 2001 From: Kent 'picat' Gruber Date: Fri, 6 Nov 2020 10:47:22 -0500 Subject: [PATCH] Use the EnterpriseAlert inline widget --- .../docs/security/security-models/core.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/website/pages/docs/security/security-models/core.mdx b/website/pages/docs/security/security-models/core.mdx index 76c0010601..c7e63c2249 100644 --- a/website/pages/docs/security/security-models/core.mdx +++ b/website/pages/docs/security/security-models/core.mdx @@ -27,11 +27,11 @@ environment, but the general mechanisms for a secure Consul deployment revolve a [authentication methods](/docs/security/acl/auth-methods) can be used to enable trusted external parties to authorize ACL token creation. -- **Namespaces (Enterprise Only)** - Read and write operations can be scoped to a logical namespace to restrict access - to Consul components within a multi-tenant environment. +- **Namespaces** - Read and write operations can be scoped to a logical namespace to restrict + access to Consul components within a multi-tenant environment. -- **Sentinel Policies (Enterprise Only)** - Sentinel policies enable policy-as-code for granular control over the - built-in key-value store. +- **Sentinel Policies** - Sentinel policies enable policy-as-code for granular control over + the built-in key-value store. ### Personas @@ -167,8 +167,8 @@ environment and adapt these configurations accordingly. - **👤 Service or Node Identity** - Synthetic policy granting a predefined set of permissions typical for services deployed within Consul. - - **🏷 Namespace** - a named, logical scoping of Consul Enterprise resources, typically to enable multi-tenant - environments. Consul OSS clusters always operate within the “default” namespace. + - **🏷 Namespace** - a named, logical scoping of Consul Enterprise resources, typically to + enable multi-tenant environments. Consul OSS clusters always operate within the “default” namespace. - **Gossip Encryption** - A shared, base64-encoded 32-byte symmetric key is required to [encrypt Serf gossip communication](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure) within a cluster using @@ -187,11 +187,11 @@ environment and adapt these configurations accordingly. - [`encrypt_verify_outgoing`](/docs/agent/options#encrypt_verify_outgoing) - By default this is true to enforce encryption on *outgoing* gossip communications. -- **Namespaces (Enterprise Only)** - Read and write operations should be scoped to logical namespaces to restrict access - to Consul components within a multi-tenant environment. Furthermore, this feature can be used to enable a self-service - approach to Consul ACL administration for teams within a scoped namespace. +- **Namespaces** - Read and write operations should be scoped to logical namespaces to + restrict access to Consul components within a multi-tenant environment. Furthermore, this feature can be used to + enable a self-service approach to Consul ACL administration for teams within a scoped namespace. -- **Sentinel Policies (Enterprise Only)** - Sentinel policies allow for granular control over the builtin +- **Sentinel Policies** - Sentinel policies allow for granular control over the builtin key-value store. - **Ensure Script Checks are Disabled** - Consul’s agent optionally has an HTTP API, which can be exposed beyond