Consul Enterprise uses Sentinel to augment the built-in ACL system to provide advanced policy enforcement. Sentinel policies are applied during writes to the KV Store.

Sentinel policies have access to the key/value being written. They can be used to allow or deny the modification. The information that Sentinel policies have access to will expand over time.

The Consul integration with Sentinel is documented in depth in the Consul Enterprise documentation. Please read that page for full documentation. This page will only show basic examples.


Example: Input validation depending on the name of the key.

main = rule { valid_key() }

required = [
  ["port", "\\d+"], # ports must be integers
  ["name", "\\w+"], # name must be a word

valid_key = func() {
  for required as v {
    if key is v[0] {
      return value matches v[1]

  return false