HashiCorp Developer AI Private beta now available Sign up today
Vault
Vault Home

sentinel stanza

The sentinel stanza specifies configurations for Vault's Sentinel integration.

sentinel {
  additional_enabled_modules = ["http"]
}

Requirements

A valid Vault Enterprise license is required for use of Sentinel policies.

sentinel parameters

The sentinel stanza currently supports only one parameter, additional_enabled_modules.

  • additional_enabled_modules `(string array: [])`` - This parameter specifies a list of imports (modules) to allow in Sentinel policies.

    Vault currently enables all of Sentinel's standard imports except the "http" import, which has performance and security implications. In the future, if any new Sentinel imports are not automatically enabled by Vault, users could enable them in this stanza. Note that this setting cannot be used to load custom import plugins.

    Warning: Care should be taken when enabling imports (modules) which could have performance and security implications in policies. Enabling the "http" import could cause your Vault servers to submit outbound requests to arbitrary endpoints.
    See the Sentinel HTTP Import documentation for more information.

Edit this page on GitHub