Consul uses Access Control Lists (ACLs) to secure agents, services, and all access points, including the UI, API, and CLI. At their core, ACLs operate by grouping rules into policies, then associating one or more policies with a token.
ACLs are recommended for production datacenters, but managing the ACL system can be challenging. We've created a couple of new resources on HashiCorp Learn to help you configure ACLs and create effective policies.
If you are getting started and need to bootstrap the ACL system for the first time, review the Securing Consul with ACLs guide.
Before creating your first set of policies, you will need to discover the minimum required privileges; the Learn guide provides several recommendations. After understanding the required privileges, you will also need to understand how to effectively manage ACL policies and tokens. Read the following guide for ACL Policy management best practices.
Consul provides a robust set of APIs that you can use to check the health of your datacenter. In the Learn guide, you will learn about several Consul CLI commands that you can use to troubleshoot issues with tokens and policies. Additionally, you will learn about the ACL system reset procedure that can be used in case of an emergency.
Troubleshooting the ACL system
If you are already familiar with using ACLs, check out the agent communication encryption or gossip encryption guides to learn more about securing your datacenter for production deployments.