Difficulty: Beginner
Estimated Time: 10 minutes

Secure Consul Agent Communication with ACL

In this hands-on lab, you will deploy a secure Consul datacenter using Vault to generate and manage ACL tokens.

Consul Secrets Engine

The lab will guide you through the steps necessary to deploy Consul with ACLs enabled to secure access to the cluster data and define agents' permissions.

Specifically, you will:

  • Start a Vault dev instance
  • Start a Consul datacenter with ACLs enabled
  • Bootstrap ACLs in Consul
  • Create a Consul policy for servers
  • Enable the Consul secrets engine in Vault
  • Create a management token for Vault
  • Create a Vault role to map to a Consul policy
  • Create a Vault token associated with the role
  • Verify the token is present in Consul and apply it to the agent
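
The steps above, from bootstrapping ACLs onward, written out as a shell sketch. This is an added example, not the lab's own script. It assumes a Vault dev server and an ACL-enabled Consul agent are already running on localhost with VAULT_ADDR and VAULT_TOKEN set, and the policy name "consul-servers" and role name "consul-server-role" are assumed names.

```shell
#!/bin/sh
# Added example: assumes Vault dev and an ACL-enabled Consul agent are running,
# VAULT_ADDR/VAULT_TOKEN are set, and server_policy.hcl is in the current dir.
# Assumed names: policy "consul-servers", role "consul-server-role".

# Print the value of one key from "Key: value" (consul) or "key value" (vault)
# table output read on stdin.
field() {
  awk -v k="$1" '{ key = $1; sub(/:$/, "", key) } key == k { print $2; exit }'
}

configure_vault_for_consul() {
  # Bootstrap ACLs; the bootstrap token is needed only for the setup below.
  CONSUL_HTTP_TOKEN=$(consul acl bootstrap | field SecretID)
  [ -n "$CONSUL_HTTP_TOKEN" ] || return 1
  export CONSUL_HTTP_TOKEN

  # Policy that generated server tokens will carry.
  consul acl policy create -name consul-servers \
    -rules @server_policy.hcl >/dev/null || return 1

  # Enable the secrets engine and give Vault its own management token,
  # so the bootstrap token never has to be stored in Vault.
  vault secrets enable consul >/dev/null || return 1
  mgmt=$(consul acl token create -description "Vault management token" \
           -policy-name global-management | field SecretID)
  [ -n "$mgmt" ] || return 1
  vault write consul/config/access address=127.0.0.1:8500 \
    token="$mgmt" >/dev/null || return 1

  # Role: every credential read from it is a Consul token with this policy.
  vault write consul/roles/consul-server-role policies=consul-servers >/dev/null
}

issue_and_apply_agent_token() {
  # Reading the creds path makes Vault create a new Consul token.
  creds=$(vault read consul/creds/consul-server-role) || return 1
  accessor=$(printf '%s\n' "$creds" | field accessor)
  token=$(printf '%s\n' "$creds" | field token)
  [ -n "$accessor" ] && [ -n "$token" ] || return 1

  # Verify Consul knows the token before the agent depends on it.
  consul acl token read -id "$accessor" >/dev/null || return 1
  consul acl set-agent-token agent "$token" >/dev/null || return 1
  printf '%s\n' "$accessor"   # the accessor is safe to log; the secret is not
}
```

Run configure_vault_for_consul once per datacenter, then issue_and_apply_agent_token on each server that needs a token.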

If you are already familiar with the basics of Consul but not with the Consul ACL system, review the Secure Consul with ACLs tutorial to learn how to enable and use ACLs on your Consul datacenter.

Review

In this hands-on lab, you deployed a secure Consul datacenter using Vault to generate and manage ACL tokens.

The lab guided you through the steps necessary to deploy Consul with ACLs enabled to verify the identity of your server nodes and assign them the necessary permissions.

Specifically, you:

  • Started a Vault dev instance
  • Started a Consul datacenter with ACLs enabled
  • Bootstrapped ACLs in Consul
  • Created a Consul policy for servers
  • Enabled the Consul secrets engine in Vault
  • Created a management token for Vault
  • Created a Vault role to map to a Consul policy
  • Created a Vault token associated with the role
  • Verified the token was present in Consul and applied it to the agent

Next Steps

Now that you've bootstrapped the ACL system in an interactive environment, use the Secure Consul with ACLs tutorial to enable and use ACLs on your Consul datacenter.

Generate Consul Tokens with HashiCorp Vault

Step 1 of 7

Lab Infrastructure Provisioning

There are a few components that need to be added to the environment; we are adding them now. Wait for the complete message and then move to the next step.

Example Output

 - Install prerequisites
 - Fixing Journal

and concluding with

- Complete! Move on to the next step.

Once this message appears, you are ready to continue.

Configuration files

While you wait for provisioning to complete, you can review the configuration files you are going to use for the lab:

File               Description
server.hcl         Configuration for Server node
server_policy.hcl  Server ACL policy for token generation