Learn how to secure your Consul agents and access to data with Vault integrations. We also have new Consul 1.9 tutorials.
We have three new step-by-step tutorials on HashiCorp Learn that enable you to secure HashiCorp Consul with Vault. Each tutorial also includes an interactive, in-browser lab where you can test each integration.
In the first tutorial, secure agent-to-agent gossip communication with Vault's secure secrets management. Consul uses gossip traffic between all agents in the datacenter to communicate membership information. This communication should be secured with a symmetric key, since gossip between agents is done over UDP. This tutorial will also include gossip key rotation and management with consul-template. The Consul template tool provides a programmatic method for rendering configuration files from a variety of locations. To learn more about how gossip key rotation can keep your datacenter secure, check out this related tutorial: Rotate Gossip Encryption Keys in Consul.
In the second tutorial, secure Consul's consensus and RPC traffic with Vault-managed mTLS certificates. Consul uses consensus for leadership communication between servers and RPCs requests are forwarded from all agents to the leading server. To secure both types of traffic, Consul supports using TLS to verify the authenticity of servers and clients. This tutorial also includes using consul-template to create and manage Vault-managed mTLS certificates.
In the third tutorial, configure the Consul secrets engine in Vault to deliver Vault-managed Consul Access Control tokens. Consul uses Access Control Lists (ACLs) to secure access to the UI, API, CLI, and agent data.
Want to learn more about the latest Consul features? Check out these two tutorials to test out features new to Consul 1.9:
HCP Vault Radar conducts ongoing reconnaissance of unsecured secrets stored as plain text in code repositories as well as configuration, DevOps, and collaboration tools.
Secrets sync is a new feature in HashiCorp Vault that facilitates centralized management, governance, and control of secrets for multiple external secret managers.
A recap of HashiCorp infrastructure and security news and developments from Google Cloud Next, from scaling infrastructure as code to fighting secrets sprawl and more.