Enable Transport Encryption for Nomad

Transport Security Overview

The Nomad agent supports encrypting all of its network traffic. There are two separate encryption systems, one for gossip traffic, and one for HTTP and RPC.

Once you complete this track you will have configured transport encryption for all of Nomad's protocols. RPC and HTTP communication is secured with mTLS. Nomad servers also communicate with a gossip protocol, Serf, which is encrypted using symmetric encryption and preshared keys.

To review, Nomad uses two different encryption schemes for its traffic:

  • HTTP - Used to communicate between CLI and Nomad agents. Secured by mTLS.
  • RPC - Used to communicate between Nomad agents. Secured by mTLS.
  • Serf - Used to communicate between Nomad servers. Secured by a shared key.
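
The three protocols above map onto two places in a server agent's configuration file. The following is an added illustration, not configuration taken from this page; the file paths and the gossip key are placeholders.

```hcl
# Server agent configuration (illustrative; paths and key are placeholders).

# HTTP and RPC: secured by mTLS
tls {
  http = true   # encrypt the HTTP API that the CLI talks to
  rpc  = true   # encrypt RPC between Nomad agents

  ca_file   = "/path/to/nomad-ca.pem"     # placeholder path
  cert_file = "/path/to/server.pem"       # placeholder path
  key_file  = "/path/to/server-key.pem"   # placeholder path

  # Both settings default to false.
  # verify_server_hostname: outgoing connections require the peer
  # certificate to carry the expected role name (server.<region>.nomad),
  # so a certificate issued to a client cannot pose as a server.
  verify_server_hostname = true

  # verify_https_client: the HTTP API rejects callers that do not present
  # a certificate signed by the same CA. Leaving it off gives encrypted
  # HTTP with server-only authentication, not mutual TLS.
  verify_https_client = true
}

# Serf gossip: symmetric encryption with a preshared key
server {
  enabled = true

  # Placeholder. Every server must be configured with the same
  # base64-encoded key, or the servers cannot gossip with each other.
  encrypt = "<BASE64_GOSSIP_KEY>"
}
```

With `verify_https_client` enabled, the CLI must also present a certificate, which it reads from the `NOMAD_CACERT`, `NOMAD_CLIENT_CERT` and `NOMAD_CLIENT_KEY` environment variables, with `NOMAD_ADDR` pointing at an `https://` address.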