HCP Security Overview
This topic describes the HashiCorp Cloud Platform's (HCP) security model and the security controls available to users.
For more information about security offerings for specific products, refer to HCP Consul Dedicated and HCP Vault Dedicated. For information about HashiCorp's security teams and compliance programs, or to find HashiCorp's public PGP keys and code signature verification, refer to HashiCorp Security and Trust Center.
Security Shared-Responsibility Model
Security of the HashiCorp Cloud Platform (HCP) is a shared responsibility between HashiCorp and the customer. This shared model can help reduce the customer's operational burden, as HashiCorp manages and controls certain components of the system, such as management of the operating system (e.g. updates and security patches), while the customer assumes the responsibilities and management of access management, multi-factor authentication (MFA), and configuration of access control lists (ACLs).
Please refer to HashiCorp Cloud Platform Roles/Responsibilities for more information on this topic.