b76a56d40c
* migrates nav data format and updates docs pages * removes sidebar_title from content files
41 lines
1.5 KiB
Plaintext
41 lines
1.5 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Sentinel - Configuration
|
|
description: |-
|
|
The sentinel stanza specifies configurations for Vault's Sentinel integration.
|
|
---
|
|
|
|
# `sentinel` Stanza
|
|
|
|
The sentinel stanza specifies configurations for
|
|
[Vault's Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel) integration.
|
|
|
|
```hcl
|
|
sentinel {
|
|
additional_enabled_modules = ["http"]
|
|
}
|
|
```
|
|
|
|
## Requirements
|
|
|
|
A valid Vault Enterprise license is required for use of Sentinel policies.
|
|
|
|
## `sentinel` Parameters
|
|
|
|
The sentinel stanza currently supports only one parameter, `additional_enabled_modules`.
|
|
|
|
- `additional_enabled_modules` `(string array: [])`` - This parameter specifies a list of imports (modules)
|
|
to allow in Sentinel policies.
|
|
|
|
Vault currently enables all of Sentinel's [standard imports](https://docs.hashicorp.com/sentinel/imports/)
|
|
except the "http" import, which has performance and security implications. In the future, if any new Sentinel
|
|
imports are not automatically enabled by Vault, users could enable them in this stanza.
|
|
Note that this setting cannot be used to load custom import plugins.
|
|
|
|
~> **Warning**: Care should be taken when enabling imports (modules) which
|
|
could have performance and security implications in policies. Enabling the "http" import could cause your Vault
|
|
servers to submit outbound requests to arbitrary endpoints.
|
|
See the
|
|
[Sentinel HTTP Import](https://docs.hashicorp.com/sentinel/imports/http/)
|
|
documentation for more information.
|