New Learn Tutorials: Secure Consul with Vault's Secret Engines
Learn how to secure your Consul agents and access to data with Vault integrations. We also have new Consul 1.9 tutorials.
We have three new step-by-step tutorials on HashiCorp Learn that enable you to secure HashiCorp Consul with Vault. Each tutorial also includes an interactive, in-browser lab where you can test each integration.
Get Hands-On Experience Securing Consul with Vault
In the first tutorial, secure agent-to-agent gossip communication with Vault's secure secrets management. Consul uses gossip traffic between all agents in the datacenter to communicate membership information. This communication should be secured with a symmetric key, since gossip between agents is done over UDP. This tutorial will also include gossip key rotation and management with consul-template. The Consul template tool provides a programmatic method for rendering configuration files from a variety of locations. To learn more about how gossip key rotation can keep your datacenter secure, check out this related tutorial: Rotate Gossip Encryption Keys in Consul.
In the second tutorial, secure Consul's consensus and RPC traffic with Vault-managed mTLS certificates. Consul uses consensus for leadership communication between servers and RPCs requests are forwarded from all agents to the leading server. To secure both types of traffic, Consul supports using TLS to verify the authenticity of servers and clients. This tutorial also includes using consul-template to create and manage Vault-managed mTLS certificates.
In the third tutorial, configure the Consul secrets engine in Vault to deliver Vault-managed Consul Access Control tokens. Consul uses Access Control Lists (ACLs) to secure access to the UI, API, CLI, and agent data.
Check Out What's New in Consul 1.9
Want to learn more about the latest Consul features? Check out these two tutorials to test out features new to Consul 1.9:
Sign up for the latest HashiCorp news
More blog posts like this one
Rotated vs. dynamic secrets: Which should you use?
Learn about the differences and similarities between automated secret rotation and dynamic secrets, and find out when to use each type.
Mitigate risk in regulated industries with HashiCorp Vault in Google Distributed Cloud
Learn how Google Distributed Cloud air-gapped private cloud service works with HashiCorp Vault to mitigate risk.
Reload SSL certificates from HashiCorp Vault for Spring Boot
Update applications with new certificates from Vault’s PKI secrets engine using SSL hot reload in Spring Boot.