» Sentinel Overview

Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.

To learn how to use Sentinel and begin writing policies with the Sentinel language, see the Sentinel documentation.

You can also use the tfe_sentinel_policy resource from the Terraform Enterprise provider to upload a policy using Terraform itself.

» Sentinel in Terraform Enterprise

Using Sentinel with Terraform Enterprise involves:

  • Defining the policies - Policies are defined using the policy language with imports for parsing the Terraform plan, state and configuration.
  • Managing the policies for organizations - Organization owners add policies to their organization by setting the policy name, policy file, and the enforcement level. They then group these policies into policy sets to define which workspaces the policies are checked against during runs.
  • Managing policies with VCS - After getting an understanding of policy management, organizations can manage their policies with VCS, which will assist with the deployment of policies at scale.
  • Enforcing policy checks on runs - Policies are checked when a run is performed, after the terraform plan but before it can be confirmed or the terraform apply is executed.
  • Mocking Sentinel Terraform data - Terraform Enterprise provides the ability to generate mock data for any run within a workspace. This data can be used with the Sentinel Simulator to test policies before deployment.