Consul uses Access Control Lists (ACLs) to secure agents and services and all access points including the UI, API, and CLI. At its core, ACLs operate by grouping rules into policies, then associating one or more policies with a token.
ACLs are recommended for production datacenters, but managing the ACL system can be challenging. We've created a couple of new resources on HashiCorp Learn to help you configure ACLs and create effective policies.
» Get Started
If you are getting started and need to bootstrap the ACL system for the first time, review the Securing Consul with ACLs guide.
» Manage ACL Policies
Before creating your first set of policies, you will need to discover the minimum required privileges, the Learn guide provides several recommendations. After understanding the required privileges, you will also need to understand how to effectively manage ACL policies and tokens. Read the following guide for ACL Policy management best practices.
» Troubleshoot the ACL system
Consul provides a robust set of APIs that you can use to check the health of your datacenter. In the Learn guide, you will learn about several Consul CLI commands that you can use to troubleshoot issues with tokens and policies. Additionally, you will learn about the ACL system reset procedure that can be used encase of an emergency.