sentinel stanza

[!IMPORTANT]
Documentation Update: Product documentation, which were located in this repository under /website, are now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be done in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.

The sentinel stanza specifies configurations for Vault's Sentinel integration.

sentinel {
  additional_enabled_modules = ["http"]
}

Requirements

A valid Vault Enterprise license is required for use of Sentinel policies.

sentinel parameters

The sentinel stanza currently supports only one parameter, additional_enabled_modules.

• additional_enabled_modules `(string array: [])`` - This parameter specifies a list of imports (modules) to allow in Sentinel policies.

  Vault currently enables all of Sentinel's standard imports except the "http" import, which has performance and security implications. In the future, if any new Sentinel imports are not automatically enabled by Vault, users could enable them in this stanza. Note that this setting cannot be used to load custom import plugins.

  Warning: Care should be taken when enabling imports (modules) which could have performance and security implications in policies. Enabling the "http" import could cause your Vault servers to submit outbound requests to arbitrary endpoints.
  See the Sentinel HTTP Import documentation for more information.