open-consul/website/content/docs/security/index.mdx

---
layout: docs
page_title: Security
description: >-
  Consul relies on both a lightweight gossip mechanism and an RPC system to
  provide various features. Both of the systems have different security
  mechanisms that stem from their designs. However, the security mechanisms of
  Consul have a common goal: to provide confidentiality, integrity, and
  authentication.
---

## Security Models

Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your
intended workloads, operating system, and environment. You can find detailed information about the various personas,
recommendations, requirements, and threats [here](/docs/security/security-models).

## ACLs

Consul provides an optional [Access Control List (ACL) system](/docs/security/acl) which can be used to control access
to data and APIs.

## Encryption

The Consul agent supports encrypting all of its network traffic. The exact method of encryption is described on the
[encryption security page](/docs/security/encryption). There are two separate encryption systems, one for gossip
traffic and one for HTTP + RPC.
website: bulk copy from serf 2014-02-08 00:41:03 +00:00			`---`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`layout: docs`
docs: update structure (#8506) - moved and renamed files/folders based on new structure - updated docs navigation based on new structure - moved CLI to top nav (created commands.jsx and commands-navigation.js) - updated and added redirects - updating to be consistent with standalone categories - changing "overview" link in top nav to lead to where intro was moved (docs/intro) - adding redirects for intro content - deleting old intro folders - format all data/navigation files - deleting old commands folder - reverting changes to glossary page - adjust intro navigation for removal of 'vs' paths - add helm page redirect - fix more redirects - add a missing redirect - fix broken anchor links and formatting mistakes - deleted duplicate section, added redirect, changed link - removed duplicate glossary page 2020-09-01 15:14:13 +00:00			`page_title: Security`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`description: >-`
			`Consul relies on both a lightweight gossip mechanism and an RPC system to`
			`provide various features. Both of the systems have different security`
			`mechanisms that stem from their designs. However, the security mechanisms of`
			`Consul have a common goal: to provide confidentiality, integrity, and`
			`authentication.`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00			`---`

Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## Security Models`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
maintenance complete, pending markdown-page component addition 2020-12-08 23:24:36 +00:00			`Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your`
			`intended workloads, operating system, and environment. You can find detailed information about the various personas,`
Actually fix spelling of recommendations I obviously have no idea how to spell this word 2020-11-05 16:13:14 +00:00			`recommendations, requirements, and threats [here](/docs/security/security-models).`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## ACLs`
website: documenting the internals 2014-02-20 20:26:50 +00:00
maintenance complete, pending markdown-page component addition 2020-12-08 23:24:36 +00:00			`Consul provides an optional [Access Control List (ACL) system](/docs/security/acl) which can be used to control access`
			`to data and APIs.`
website: documenting the internals 2014-02-20 20:26:50 +00:00
Revamp security model documentation 2020-11-04 22:05:44 +00:00			`## Encryption`
website: bulk copy from serf 2014-02-08 00:41:03 +00:00
maintenance complete, pending markdown-page component addition 2020-12-08 23:24:36 +00:00			`The Consul agent supports encrypting all of its network traffic. The exact method of encryption is described on the`
			`[encryption security page](/docs/security/encryption). There are two separate encryption systems, one for gossip`
			`traffic and one for HTTP + RPC.`