Managing Consul's Access Control Lists
Consul uses Access Control Lists (ACLs) to secure agents, services, and all access points, including the UI, API, and CLI. At their core, ACLs operate by grouping rules into policies, then associating one or more policies with a token.
ACLs are recommended for production datacenters, but managing the ACL system can be challenging. We've created a couple of new resources on HashiCorp Learn to help you configure ACLs and create effective policies.
» Get Started
If you are getting started and need to bootstrap the ACL system for the first time, review the Securing Consul with ACLs guide.
» Manage ACL Policies
Before creating your first set of policies, you will need to discover the minimum required privileges; the Learn guide provides several recommendations. After understanding the required privileges, you will also need to understand how to manage ACL policies and tokens effectively. Read the following guide for ACL policy management best practices.
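To make the rules, policy, and token relationship concrete, here is an added example that is not taken from this post or the Learn guides: a least-privilege policy for one service. The service name `web`, the KV path `config/web/`, the policy name `web-service`, and the file name `web-service.hcl` are assumptions chosen for illustration.

```hcl
# web-service.hcl (constructed example; all names are assumptions)
# Rules are grouped into this one policy; the policy is then attached
# to a token, and the token is what the service presents to Consul.

# The service may register and update only its own catalog entry.
service "web" {
  policy = "write"
}

# Read-only view of other services and nodes, needed for discovery.
service_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}

# Read-only access to this service's own configuration subtree.
key_prefix "config/web/" {
  policy = "read"
}

# The more specific prefix wins, so this subtree stays denied
# even though the broader rule above grants read.
key_prefix "config/web/secrets/" {
  policy = "deny"
}

# Anything not matched above falls through to the datacenter's
# default policy, so set the agents' default policy to "deny" for
# this file to describe the token's complete set of privileges.

# Creating the policy and a token that carries it (run with a token
# that has acl = "write"):
#
#   consul acl policy create -name "web-service" \
#       -description "Least privilege for the web service" \
#       -rules @web-service.hcl
#
#   consul acl token create -description "web service token" \
#       -policy-name "web-service"
#
# To confirm which policies a token carries, run this with that token:
#
#   consul acl token read -self
```

Scoping `write` to the exact service name rather than to a prefix keeps a leaked token from registering or overwriting other services in the catalog.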
» Troubleshoot the ACL system
Consul provides a robust set of APIs that you can use to check the health of your datacenter. In the Learn guide, you will learn about several Consul CLI commands that you can use to troubleshoot issues with tokens and policies. Additionally, you will learn about the ACL system reset procedure that can be used in case of an emergency.
Troubleshooting the ACL system
» Learn More
If you are already familiar with using ACLs, check out the agent communication encryption or gossip encryption guides to learn more about securing your datacenter for production deployments.