How is this communication protected between all participating servers and clients?

Consul uses a gossip protocol that is powered by Serf.

How is this communication protected between all participating servers and clients?
A. shared secret
B. TLS
C. username and password
D. mutual TLS

Answer: A

Explanation:

Consul’s gossip protocol is protected by a symmetric key, or shared secret, that is set in the configuration file or in a separate file that is read when the Consul service starts. For example, you can add the parameter "encrypt" to the configuration file with a 32-byte, Base64-encoded shared secret.

All nodes in the Consul cluster, including WAN-joined datacenters, must use the same encryption key. An example of this key would be pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s=. Furthermore, you can generate this 32-byte, Base64-encoded shared secret by using the built-in command consul keygen:

$ consul keygen

pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s=

More information about the gossip encryption can be found here.

By the way, the HashiCorp Learn platform mentioned that the key is 16 bytes, but that was changed sometime in 2019 in order for Serf to encrypt data using AES-256.
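The two requirements in the explanation (a 32-byte, Base64-encoded key, identical on every node) can be checked before agents are started. The following is an added example, not HashiCorp code; the node names, the sample configs and the helper functions are assumptions, and only the "encrypt" parameter and the documentation example key come from the page.

```python
import base64
import binascii
import hashlib
import json

def check_key(value):
    """Validate one "encrypt" value. Returns (ok, reason)."""
    if not value:
        return False, "missing encrypt"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return False, "not valid Base64"
    if len(raw) == 16:
        return False, "16-byte key (pre-2019 length)"
    if len(raw) != 32:
        return False, f"decodes to {len(raw)} bytes, expected 32"
    return True, "ok"

def audit(configs):
    """configs maps node name -> JSON config text. Returns {node: problem}."""
    findings, by_fingerprint = {}, {}
    for node, text in configs.items():
        value = json.loads(text).get("encrypt")
        ok, reason = check_key(value)
        if not ok:
            findings[node] = reason
            continue
        # Compare a short hash of the key so the secret itself is never reported.
        fp = hashlib.sha256(base64.b64decode(value)).hexdigest()[:12]
        by_fingerprint.setdefault(fp, []).append(node)
    if len(by_fingerprint) > 1:
        majority = max(by_fingerprint.values(), key=len)
        for nodes in by_fingerprint.values():
            if nodes is not majority:
                for node in nodes:
                    findings[node] = "key differs from the rest of the cluster"
    return findings

PAGE_KEY = "pUqJrVyVRj5jsiYEkM/tFQYfWyJIv4s3XkvDwy7Cu5s="  # example key from the page
OTHER_KEY = base64.b64encode(bytes(range(32))).decode()    # constructed 32-byte key
SHORT_KEY = base64.b64encode(bytes(16)).decode()           # constructed 16-byte key
SAMPLE = {  # constructed agent configs
    "server1": json.dumps({"server": True, "encrypt": PAGE_KEY}),
    "client1": json.dumps({"encrypt": PAGE_KEY}),
    "client2": json.dumps({"encrypt": OTHER_KEY}),
    "client3": json.dumps({"encrypt": SHORT_KEY}),
    "client4": json.dumps({"datacenter": "dc1"}),
}
if __name__ == "__main__":
    for node, problem in sorted(audit(SAMPLE).items()):
        print(f"{node}: {problem}")
```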
