mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 15:11:07 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
44 lines
1.9 KiB
Plaintext
44 lines
1.9 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Sentinel - Configuration
|
|
description: >-
|
|
Configure the sentinel stanza to customize your Sentinel integration.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# `sentinel` stanza
|
|
|
|
The sentinel stanza specifies configurations for
|
|
[Vault's Sentinel](/vault/docs/enterprise/sentinel) integration.
|
|
|
|
```hcl
|
|
sentinel {
|
|
additional_enabled_modules = ["http"]
|
|
}
|
|
```
|
|
|
|
## Requirements
|
|
|
|
A valid Vault Enterprise license is required for use of Sentinel policies.
|
|
|
|
## `sentinel` parameters
|
|
|
|
The sentinel stanza currently supports only one parameter, `additional_enabled_modules`.
|
|
|
|
- `additional_enabled_modules` `(string array: [])`` - This parameter specifies a list of imports (modules)
|
|
to allow in Sentinel policies.
|
|
|
|
Vault currently enables all of Sentinel's [standard imports](https://docs.hashicorp.com/sentinel/imports)
|
|
except the "http" import, which has performance and security implications. In the future, if any new Sentinel
|
|
imports are not automatically enabled by Vault, users could enable them in this stanza.
|
|
Note that this setting cannot be used to load custom import plugins.
|
|
|
|
~> **Warning**: Care should be taken when enabling imports (modules) which
|
|
could have performance and security implications in policies. Enabling the "http" import could cause your Vault
|
|
servers to submit outbound requests to arbitrary endpoints.
|
|
See the
|
|
[Sentinel HTTP Import](https://docs.hashicorp.com/sentinel/imports/http)
|
|
documentation for more information.
|