2020-11-04 22:05:44 +00:00
|
|
|
---
|
|
|
|
layout: docs
|
|
|
|
page_title: Security Models
|
|
|
|
description: >-
|
2020-12-08 23:24:36 +00:00
|
|
|
Overview and links to various Consul security models.
|
2020-11-04 22:05:44 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
## Overview
|
|
|
|
|
2020-12-08 23:24:36 +00:00
|
|
|
Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
|
|
|
|
intended workloads, operating system, and environment. Consul is not secure by default, but can be configured to satisfy
|
|
|
|
the security requirements for a wide-range of use cases from local developer environments without any configuration to
|
2020-11-04 22:05:44 +00:00
|
|
|
container orchestrators in-production with ACL authorization, and mTLS authentication.
|
|
|
|
|
|
|
|
### Core
|
|
|
|
|
|
|
|
The core Consul product provides several options for enabling encryption, authentication, and authorization
|
2020-12-08 23:24:36 +00:00
|
|
|
controls for a cluster. You can read more about the various personas, recommendations, requirements, and threats
|
2020-11-04 22:05:44 +00:00
|
|
|
[here](/docs/security/security-models/core).
|
|
|
|
|
|
|
|
### NIA
|
|
|
|
|
|
|
|
[Network Infrastructure Automation](/docs/nia) (NIA) enables dynamic updates to network infrastructure devices triggered
|
2020-12-08 23:24:36 +00:00
|
|
|
by service changes. Both the core Consul product's configuration and the configuration for the `consul-terraform-sync`
|
|
|
|
daemon used by NIA can affect the security of your deploymnet. You can read more about the various personas,
|
2020-11-05 16:13:14 +00:00
|
|
|
recommendations, requirements, and threats [here](/docs/security/security-models/nia).
|