• Infrastructure
    • terraform
    • packer
  • Networking
    • consul
  • Security
    • vault
    • boundary
  • Applications
    • nomad
    • waypoint
    • vagrant
  • HashiCorp Cloud Platform

    A fully managed platform to automate infrastructure on any cloud with HashiCorp products.

    • consul
    • terraform
    • vault
    • packerbeta
    Visit cloud.hashicorp.com
Sentinel
  • Intro
  • Docs
Download
    • v0.19.x (latest)
    • v0.18.x
    • v0.17.x
    • v0.16.x
    • v0.15.x
    • v0.14.x
    • v0.13.x
  • Release Notes
    • Overview
    • Policy as Code
    • Policy Language
    • Imports
    • Enforcement Levels
    • Overview
    • Override Files
    • Remote Sources
    • Overview
    • apply
    • fmt
    • test
    • Overview
    • Basics
    • Rules
    • Traces
    • Testing
    • Imports
    • Debugging
    • Overview
    • Modules
    • Plugins
    • Static Imports
    • Internals

    • Overview
    • Variables
    • Values
    • Lists
    • Maps
    • Rules
    • Imports
    • Parameters
    • Boolean Expressions
    • Arithmetic
    • Slices
    • Conditionals
    • Loops
    • Collection Operations
    • Functions
    • Scope
    • Undefined
    • Logging and Errors
    • Specification
    • Overview
    • append
    • delete
    • error
    • keys
    • length
    • print
    • range
    • values
    • Overview
    • base64
    • decimal
    • http
    • json
    • runtime
    • sockaddr
    • strings
    • time
    • types
    • units
    • version

  • Consul
  • Nomad
  • Terraform
  • Vault
Type '/' to Search

»Consul

Consul Enterprise uses Sentinel to augment the built-in ACL system to provide advanced policy enforcement. Sentinel policies are applied during writes to the KV Store.

Sentinel policies have access to the key/value being written. They can be used to allow or deny the modification. The information that Sentinel policies have access to will expand over time.

The Consul integration with Sentinel is documented in depth in the Consul Enterprise documentation. Please read that page for full documentation. This page will only show basic examples.

»Examples

Example: Input validation depending on the name of the key.

main = rule { valid_key() }

required = [
  ["port", "\\d+"], # ports must be integers
  ["name", "\\w+"], # name must be a word
]

valid_key = func() {
  for required as v {
    if key is v[0] {
      return value matches v[1]
    }
  }

  return false
}
  • ProvisionMulti-Cloud Infrastructure
  • SecureMulti-Cloud Security
  • ConnectMulti-Cloud Networking
  • RunMulti-Cloud Orchestration
Products
  • Terraform
  • Vault
  • Consul
  • Nomad
  • Vagrant
  • Packer
  • Boundary NEW
  • Waypoint NEW
  • Sentinel
Resources
  • Blog
  • Tutorials
  • Community
  • Events
  • Integrations
  • Library
  • Partners
  • Podcast
  • Support
  • Training
Company
  • About Us
  • JobsWe're Hiring
  • Press Center
  • Brand
  • Contact Us
  • System Status
  • Cookie Manager
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
stdin: is not a tty