---
layout: docs
page_title: Security - Overview
description: >-
  Security requirements and recommendations for Consul vary depending on workloads and environments. Learn how ACLs and encryption can protect access to and communication within your datacenter.
---

# Consul security

This topic describes the security requirements and recommendations for a Consul deployment.

## Security Models

Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
intended workloads, operating system, and environment. You can find detailed information about the various personas,
recommendations, requirements, and threats in the [Security Models](/consul/docs/security/security-models) section.

## ACLs

Consul provides an optional [Access Control List (ACL) system](/consul/docs/security/acl) which can be used to control access
to data and APIs.

## Encryption

The Consul agent supports encryption for all of its network traffic. There are two separate encryption systems:

- A gossip encryption system
- An mTLS encryption system for HTTP and RPC

For more information about these two different encryption systems, as well as configuration guidance, refer to [Consul encryption](/consul/docs/security/encryption).