New Learn Tutorials: Secure Consul with Vault's Secret Engines

[Hashicorp]

We have three new step-by-step tutorials on HashiCorp Learn that enable you to secure HashiCorp Consul with Vault. Each tutorial also includes an interactive, in-browser lab where you can test each integration.

Get Hands-On Experience Securing Consul with Vault

In the first tutorial, secure agent-to-agent gossip communication with Vault's secure secrets management. Consul uses gossip traffic between all agents in the datacenter to communicate membership information. This communication should be secured with a symmetric key, since gossip between agents is done over UDP. This tutorial will also include gossip key rotation and management with consul-template. The Consul template tool provides a programmatic method for rendering configuration files from a variety of locations. To learn more about how gossip key rotation can keep your datacenter secure, check out this related tutorial: Rotate Gossip Encryption Keys in Consul.

In the second tutorial, secure Consul's consensus and RPC traffic with Vault-managed mTLS certificates. Consul uses consensus for leadership communication between servers and RPCs requests are forwarded from all agents to the leading server. To secure both types of traffic, Consul supports using TLS to verify the authenticity of servers and clients. This tutorial also includes using consul-template to create and manage Vault-managed mTLS certificates.

In the third tutorial, configure the Consul secrets engine in Vault to deliver Vault-managed Consul Access Control tokens. Consul uses Access Control Lists (ACLs) to secure access to the UI, API, CLI, and agent data.

Check Out What's New in Consul 1.9

Want to learn more about the latest Consul features? Check out these two tutorials to test out features new to Consul 1.9:

• Application Aware Intentions with Consul Service Mesh
• Load Balancing Services in Consul Service Mesh with Envoy

View the full article