HashiCorp Developer AI Private beta now available Sign up today
Sentinel
Sentinel Home

Consul

Consul Enterprise uses Sentinel to augment the built-in ACL system to provide advanced policy enforcement. Sentinel policies are applied during writes to the KV Store.

Sentinel policies have access to the key/value being written. They can be used to allow or deny the modification. The information that Sentinel policies have access to will expand over time.

The Consul integration with Sentinel is documented in depth in the Consul Enterprise documentation. Please read that page for full documentation. This page will only show basic examples.

Examples

Example: Input validation depending on the name of the key.

main = rule { valid_key() }

required = [
  ["port", "\\d+"], # ports must be integers
  ["name", "\\w+"], # name must be a word
]

valid_key = func() {
  for required as v {
    if key is v[0] {
      return value matches v[1]
    }
  }

  return false
}