Difficulty: Beginner
Estimated Time: 10 minutes

Secure Consul Gossip encryption using Vault

In this hands-on lab, you enable gossip encryption in Consul using Vault to store and retrieve the encryption key.

KV secrets Engine

Specifically, you will:

  • Start a Vault dev instance
  • Enable the KV store in Vault
  • Generate a gossip key for Consul
  • Store the gossip key as a secret in Vault
  • Retrieve the gossip key from Vault
  • Configure and start Consul
  • Use consul-template to automate gossip key rotation

If you are already familiar with the basics of Consul, Secure Gossip Communication with Encryption provides a reference guide for the steps required to enable gossip encryption on both new and existing datacenters.

Review

In this hands-on lab, you enabled gossip encryption in Consul using Vault to store and retrieve the encryption key.

Specifically, you:

  • Started a Vault dev instance
  • Enabled the KV store in Vault
  • Generated a gossip key for Consul
  • Stored the gossip key as a secret in Vault
  • Retrieved the gossip key from Vault
  • Configured and started Consul
  • Used consul-template to automate gossip key rotation

Next Steps

If you are already familiar with the basics of Consul, Secure Gossip Communication with Encryption provides a reference guide for the steps required to enable gossip encryption on both new and existing datacenters.

Use HashiCorp Vault to store Consul gossip key

Step 1 of 7

Provisioning Lab Infrastructure

There are a few components that need to be added to the environment; we are adding them now. Wait for the complete message and then move to the next step.

Example Output

 - Install prerequisites
 - Install Consul locally
 - Installing Consul z.y.z
 - Installing consul-template z.y.z
 - Installing Vault locally
 - Installing Vault z.y.z
...

and concluding with

- Complete! Move on to the next step.

Once this message appears, you are ready to continue.

Terminal
consul-template
Consul UI
Vault UI
Dashboard