The Consul Education team has created new guides to help you better secure your network communications and narrow your access permissions. Each guide provides step-by-step instructions to help you better utilize these security features.

New ACL Tokens

Consul uses Access Control Lists (ACLs) to secure the UI, API, CLI, service communications, and agent communications. As newer versions of Consul have emerged, the syntax for ACL tokens has changed to become more precise and more flexible to manage. This guide describes the process for migrating legacy tokens present in a pre-1.4.0 Consul deployment after an upgrade to Consul 1.4+.

Migrate ACL Tokens

OpenSSL Certificates for TLS Security

Securing your datacenter with Transport Layer Security (TLS) encryption is an important step to prepare for production deployments. This guide will provide you with a production-ready TLS configuration for RPC, Consensus, and HTTP communication. Learn how to secure RPC and consensus communication by creating and deploying certificates to Consul agents using OpenSSL as the certificate authority.

Secure Agent Communication with Existing Certificate Authority

TLS Encryption

In this guide, you will learn how to secure RPC and consensus communication by creating and deploying certificates to Consul agents on an existing datacenter. Step-by-step instructions demonstrate how to update your existing datacenter for production-ready TLS with zero downtime.

Update Agents to Communicate with TLS

from Hashicorp Blog: https://www.hashicorp.com/blog/security-guides-for-consul