mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-18 12:37:02 +02:00
fe3daa411a
* Chore (dev portal): update learn nav data links (#15515) * Update docs-nav-data.json * Update docs-nav-data.json * website: fixes internal redirects (#15750) * chore: remove duplicate overview item (#15805) * Use `badge` for `<sup>` tags in nav data JSON files (#15928) * Replacing <sup> tags with badge * Adding type and color to badges * fix broken links in vault docs (#15976) * website: Update old learn links to redirect locations (#16047) * update previews to render developer UI * update redirects * adjust content so it is backwards compat Co-authored-by: HashiBot <62622282+hashibot-web@users.noreply.github.com> Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com> Co-authored-by: Ashlee M Boyer <43934258+ashleemboyer@users.noreply.github.com>
41 lines
1.5 KiB
Plaintext
41 lines
1.5 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Sentinel - Configuration
|
|
description: |-
|
|
The sentinel stanza specifies configurations for Vault's Sentinel integration.
|
|
---
|
|
|
|
# `sentinel` Stanza
|
|
|
|
The sentinel stanza specifies configurations for
|
|
[Vault's Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel) integration.
|
|
|
|
```hcl
|
|
sentinel {
|
|
additional_enabled_modules = ["http"]
|
|
}
|
|
```
|
|
|
|
## Requirements
|
|
|
|
A valid Vault Enterprise license is required for use of Sentinel policies.
|
|
|
|
## `sentinel` Parameters
|
|
|
|
The sentinel stanza currently supports only one parameter, `additional_enabled_modules`.
|
|
|
|
- `additional_enabled_modules` `(string array: [])`` - This parameter specifies a list of imports (modules)
|
|
to allow in Sentinel policies.
|
|
|
|
Vault currently enables all of Sentinel's [standard imports](https://docs.hashicorp.com/sentinel/imports)
|
|
except the "http" import, which has performance and security implications. In the future, if any new Sentinel
|
|
imports are not automatically enabled by Vault, users could enable them in this stanza.
|
|
Note that this setting cannot be used to load custom import plugins.
|
|
|
|
~> **Warning**: Care should be taken when enabling imports (modules) which
|
|
could have performance and security implications in policies. Enabling the "http" import could cause your Vault
|
|
servers to submit outbound requests to arbitrary endpoints.
|
|
See the
|
|
[Sentinel HTTP Import](https://docs.hashicorp.com/sentinel/imports/http/)
|
|
documentation for more information.
|