HCP Security Overview
This topic describes the HashiCorp Cloud Platform's (HCP) security model and the security controls available to users.
For more information about security offerings for specific products, refer to HCP Consul and HCP Vault. For information about HashiCorp's security teams and compliance programs, or to find HashiCorp's public PGP keys and code signature verification, refer to HashiCorp Security and Trust Center.
HCP Consul Central offers global visibility and administration of both HCP-managed and self-managed clusters. HCP Consul Central provides a secure way to register and administer your self-managed clusters.
HCP provides the following security measures for self-managed clusters that are deployed with HCP Consul Central:
- The self-managed cluster nodes initiate the connection to HashiCorp Cloud Platform. This connection is encrypted with TLS.
- The connection is authenticated with an auto-generated service principal. When you delete the cluster, HCP deletes the service principal associated with the cluster.
- You can opt-out of the hosted management service for self-managed clusters by unlinking your self-managed cluster from HCP. Unlinking only deletes the HCP resources for your self managed cluster. Once unlinked, HCP no longer receives any data from your self-managed cluster.
- Your HCP cluster meta-data is securely managed. In addition, the cluster meta-data is covered by SOC 2 Type II controls and GDPR/CCPA controls, as applicable.
Security of the HashiCorp Cloud Platform (HCP) is a shared responsibility between HashiCorp and the customer. This shared model can help reduce the customer's operational burden, as HashiCorp manages and controls certain components of the system, such as management of the operating system (e.g. updates and security patches), while the customer assumes the responsibilities and management of access management, multi-factor authentication (MFA), and configuration of access control lists (ACLs).
Please refer to HashiCorp Cloud Platform Roles/Responsibilities for more information on this topic.