Install Sentinel

3min
|
Sentinel

To use Sentinel you will need to install it. HashiCorp distributes Sentinel as a binary package. You can also install Sentinel using popular package managers.

Install binary

Retrieve the sentinel binary by downloading a pre-compiled binary. To install Sentinel, find the appropriate package for your system and download it as a zip archive.

After downloading Sentinel, unzip the package. Sentinel runs as a single binary named sentinel. You can safely remove any other files in the package and Sentinel will still function.

Finally, make sure that the sentinel binary is available on your PATH. This process will differ depending on your operating system.

Print a colon-separated list of locations in your PATH.

$ echo $PATH

Move the Sentinel binary to one of the listed locations. This command assumes that the binary is currently in your downloads folder and that your PATH includes /usr/local/bin, but you can customize it if your locations are different.

$ mv ~/Downloads/sentinel /usr/local/bin/

For more detail about adding binaries to your path, see this Stack Overflow article.

Homebrew is a free and open-source package management system for macOS. Install the official Sentinel formula from the terminal.

First, install the HashiCorp tap, a repository of all our Homebrew packages.

$ brew tap hashicorp/tap

Now, install Sentinel with hashicorp/tap/sentinel.

$ brew install hashicorp/tap/sentinel

Note

This installs a signed binary and is automatically updated with every new official release.

To update to the latest version of Sentinel, first update Homebrew.

$ brew update

Then, run the upgrade command to download and use the latest Sentinel version.

$ brew upgrade hashicorp/tap/sentinel

Verify the installation

Verify that the installation worked by opening a new terminal session and listing Sentinel's available subcommands. If you get an error that the binary could not be found, then you likely did not properly set up your PATH environment variable. Please ensure that your PATH variable contains the directory where you installed Sentinel.

$ sentinel --help
Usage: sentinel [--version] [--help] <command> [<args>]

Available commands are:
    apply      Execute a policy and output the result
    fmt        Format Sentinel policy to a canonical format
    test       Test policies
    version    Prints the Sentinel runtime version

Add any subcommand to sentinel --help to learn more about what it does and available options.

$ sentinel -help test
Usage: sentinel test [options] [POLICY ...]

  Execute and verify behavior of policies.

  This runs the policy with a set of test case configurations and verifies
  that rules result in the expected values. Test cases are expected to be in
  "test/<policy>/*.hcl" files where "<policy>" is the name of the
  policy filename without an extension.

  You may specify a list of zero or more files or directories to search for
  policies. If nothing is specified, the current directory is searched.
## ...

Next steps

Now that you have installed Sentinel locally, continue to the next tutorial to write and test your first Sentinel policy.

What is Policy as Code?

Write policy