»Your First Sentinel Policy

Sentinel is a system to enforce complex policies on an integrated application.

Writing Sentinel policy requires minimal programming experience. The Sentinel language is designed to be approachable and learned quickly and easily. Whether you're a professional programmer or someone who uses SQL and Excel, you can learn to write Sentinel policies.

Let's begin by writing a simple, working Sentinel policy:

hour = 4
main = rule { hour >= 0 and hour < 12 }

This is a valid Sentinel policy. It will pass since we hardcoded the hour to be 4. In a real system, hour may be something that is provided to us and actually set to the current hour. We'll learn more about that later.

For now, try running this policy locally. Save the above example to a file named policy.sentinel and execute it. Then, modify the policy to make it fail. Play around more if you'd like.

$ sentinel apply policy.sentinel


Every Sentinel policy must have a main rule. This is the rule that is evaluated to determine the result of a policy. A rule describes a condition that must be true for the rule to be true. Within the rule, a single boolean expression describes the condition. In the example above, it is a straightforward check that the time is greater than zero (midnight) and less than 12.

It is easy to imagine that such a rule might be used in a system such as Nomad to restrict the times when a deploy can occur. The power of arbitrary logical statements within Sentinel allows Sentinel policies to restrict almost any behavior.

Next, we'll introduce and explain rules so we can use them in our policies.