---
layout: docs
page_title: Sentinel in Consul
description: >-
Consul Enterprise uses Sentinel to augment the built-in ACL system to provide
advanced policy enforcement. Sentinel policies can currently execute on KV
modify and service registration.
---
# Sentinel Overview
Consul 1.0 adds integration with [Sentinel](https://hashicorp.com/sentinel) for policy enforcement.
Sentinel policies help extend the ACL system in Consul beyond the static "read", "write", and "deny"
policies to support full conditional logic and integration with external systems.
## Sentinel in Consul
Sentinel policies are applied during writes to the KV Store.
An optional `sentinel` field specifying code and enforcement level can be added to [ACL policy definitions](/docs/agent/acl-rules#sentinel-integration) for Consul KV. The following policy ensures that the value written during a KV update must end with "dc1".
```text
key "datacenter_name" {
policy = "write"
sentinel {
code = < 8 and time.now.hour < 17 }
EOF
}
}
```