Languages & Frameworks

HashiCorp Sentinel

This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Published: Oct 28, 2020
Oct 2020

Although we're big advocates of defining security policy as code, the tooling in this space has been fairly limited. If you're using HashiCorp products (such as Terraform or Vault) and don't mind paying for the enterprise versions, you have the option of using HashiCorp Sentinel. Sentinel is, in effect, a complete programming language for defining and implementing context-based policy decisions. For example, in Terraform it can be used to test for policy violations before applying infrastructure changes. In Vault, Sentinel can be used to define fine-grained access control on the APIs. This approach has all the benefits of encapsulation, maintainability, readability and extensibility that high-level programming languages offer, creating an attractive alternative to traditional, declarative security policy. Sentinel is in the same class of tools as Open Policy Agent but is proprietary, closed-source and only works with HashiCorp products.
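To make the Terraform case concrete, here is a small Sentinel policy of the kind described above, added as an illustration and not taken from the original blip or from HashiCorp. It assumes the `tfplan/v2` import and AWS provider resources (`aws_s3_bucket`, `aws_s3_bucket_acl`); the list of forbidden ACLs is a constructed sample.

```sentinel
# Added example: reject a Terraform plan that would create or update
# an S3 bucket with a publicly readable or writable canned ACL.
import "tfplan/v2" as tfplan

# Constructed sample value: canned ACLs this policy refuses.
forbidden_acls = ["public-read", "public-read-write"]

# Managed resources the plan will create or update. Deletes and
# no-op entries are skipped because they introduce no new exposure.
changed = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
	(rc.change.actions contains "create" or
		rc.change.actions contains "update")
}

# The ACL is set on aws_s3_bucket in older AWS provider versions and
# on aws_s3_bucket_acl in newer ones, so both types are inspected.
acl_resources = filter changed as _, rc {
	rc.type in ["aws_s3_bucket", "aws_s3_bucket_acl"]
}

# Planned values live under change.after.
violations = filter acl_resources as _, rc {
	rc.change.after.acl in forbidden_acls
}

# Report each offending resource address so the author of the change
# can see what to fix in the policy check output.
for violations as address, rc {
	print(address, "sets a public ACL:", rc.change.after.acl)
}

# The policy passes only when no planned change sets a forbidden ACL.
main = rule {
	length(violations) is 0
}
```

Because the policy is evaluated against the plan rather than the live infrastructure, a violation stops the run before any change is applied.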