Published : Oct 28, 2020
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Oct 2020
Assess

Although we're big advocates of defining security policy as code, the tooling in this space has been fairly limited. If you're using HashiCorp products (such as Terraform or Vault) and don't mind paying for the enterprise versions, you have the option of using HashiCorp Sentinel. Sentinel is, in effect, a complete programming language for defining and implementing context-based policy decisions. For example, in Terraform it can be used to test for policy violations before applying infrastructure changes. In Vault, Sentinel can be used to define fine-grained access control on the APIs. This approach has all the benefits of encapsulation, maintainability, readability and extensibility that high-level programming languages offer, creating an attractive alternative to traditional, declarative security policy. Sentinel is in the same class of tools as Open Policy Agent but is proprietary, closed-source and only works with HashiCorp products.
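
As an added illustration (not from the Radar entry and not HashiCorp's own code), this is the kind of Sentinel policy the Terraform use case above refers to: it fails a plan that opens SSH or RDP to 0.0.0.0/0. The AWS resource type, the port list and the helper names are assumptions chosen for the example.

```sentinel
# Added example: evaluated by Terraform Cloud/Enterprise between plan and apply.
import "tfplan/v2" as tfplan

# Ports that must never be reachable from any IPv4 source (assumed list).
restricted_ports = [22, 3389]

# Ingress rules that this plan creates or updates.
ingress_rules = filter tfplan.resource_changes as _, rc {
    rc.type is "aws_security_group_rule" and
    rc.mode is "managed" and
    (rc.change.actions contains "create" or rc.change.actions contains "update") and
    rc.change.after.type is "ingress"
}

# True when the rule's port range includes the given port.
covers_port = func(r, port) {
    return r.change.after.from_port <= port and r.change.after.to_port >= port
}

# True when the rule allows traffic from every IPv4 address.
# cidr_blocks is null when the rule uses a source security group instead.
open_to_world = func(r) {
    cidrs = r.change.after.cidr_blocks
    return cidrs is not null and cidrs contains "0.0.0.0/0"
}

# Planned rules that expose a restricted port to the internet.
violations = filter ingress_rules as _, r {
    open_to_world(r) and any restricted_ports as p { covers_port(r, p) }
}

# Report each offending resource address so the failure is actionable.
for violations as address, _ {
    print("restricted port open to 0.0.0.0/0:", address)
}

# The run may proceed only when no violation is planned.
main = rule {
    length(violations) is 0
}
```

Only values known at plan time are checked here; attributes that are computed during apply do not appear in `change.after`.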
