What is Sentinel
Sentinel is an embeddable policy-as-code framework that enables fine-grained, logic-based policy decisions and can be extended to source external information for those decisions.
- Policy as code: Treat policy like an application: version control, pull review, and automated tests. Use real programming constructs to determine policy decisions beyond the limited constraints of typical ACL systems.
- Fine-grained, condition-based policy: Reject actions on any available input rather than relying on coarse-grained read, write, and admin policies. Make policy decisions based on the condition of other values.
- Embedded: Sentinel is embedded to enable policy enforcement in the data path, actively rejecting violating behavior instead of passively detecting it.
- Multiple enforcement levels: Advisory, soft-mandatory, and hard-mandatory levels allow policy writers to warn on or reject offending behavior.
- External information: Source external information to make holistic policy decisions. For example, Terraform cannot execute while Consul health checks are failing.
- Multi-cloud compatible: Ensure infrastructure changes are within business and regulatory policy on every infrastructure provider.
Sentinel across our product suite
How Sentinel integrates into HashiCorp Products
Policy as Code in Terraform
HCP Terraform and Terraform Enterprise use Sentinel to enforce policy on Terraform configurations, states, and plans. This lets users enforce Sentinel policies as part of the Terraform run workflow between plan and apply.

The next phase of infrastructure automation
Infrastructure as Code was the first phase, enabling codification and automation for the four main components of infrastructure: provision, secure, connect, and run. Infrastructure as Code empowers more users to create and manage infrastructure; however, that comes with risks, as less experienced users could make significant mistakes that impact business operations. Policy as code limits exposure by codifying business and regulatory policies to ensure infrastructure changes are safe. Together, Infrastructure as Code and policy as code empower users to safely and quickly provision, secure, connect, and run any infrastructure for any application.