Terraform
Using Policies from the Terraform Registry
Collections of Sentinel policies are available in the Terraform Registry as policy libraries. You can use these policies in both HCP Terraform and the Sentinel CLI.
The Terraform Registry acts as a remote source for policies that you include in a standard Sentinel configuration file.
Finding Policies in the Terraform Registry
You can browse policy libraries available on the Terraform Registry or use keywords to search for policies relevant to your use cases.
To view documentation for specific policies within a library:
- Go to the policy library.
- Click Choose policies. Available policies are listed in the bottom left of the window.
- Click on the name of any policy to display its documentation.
Using Policies in HCP Terraform or Sentinel CLI
You can use one or more policies from a policy library to create an HCP Terraform policy set. You can also use policies directly with the Sentinel CLI. The Terraform Registry auto-generates the HCL code you need to configure each policy.
To get the HCL configuration code for one or more policies:
- Go to the policy library and click Choose policies.
- Select the policies you want to use in the bottom left of the window. The Terraform Registry populates HCL code in the Usage Instructions field.
- Click Copy Code Snippet to copy the HCL code to your clipboard.
- Paste the HCL code into a Sentinel configuration file or HCP Terraform sentinel.hcl file.
HCP Terraform
We recommend defining all of the policies for an HCP Terraform workspace in a single sentinel.hcl file. You may wish to change the enforcement level in the auto-generated HCL code snippets. By default, this is set to advisory.
After you add the configuration code to your sentinel.hcl file, create a new policy set in HCP Terraform and apply it to one or more workspaces.
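Because the auto-generated snippets default to advisory, a pasted policy can end up in a policy set without ever being able to stop a run. The following check is an added example, not part of the original documentation or HashiCorp tooling: it lists every policy in a sentinel.hcl file that is not set to a blocking enforcement level. The sample policy names and source URLs are constructed placeholders, and the parser assumes each policy block opens and closes at column 0.

```python
import re
import sys

# Levels at which a failed policy stops the run (advisory only logs a warning).
BLOCKING_LEVELS = {"soft-mandatory", "hard-mandatory"}

# Assumes canonical formatting: each policy block opens and closes at column 0.
POLICY_BLOCK = re.compile(r'^policy\s+"([^"]+)"\s*\{(.*?)^\}', re.M | re.S)
ATTRIBUTE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"([^"]*)"', re.M)

# Constructed sample: policy names and source URLs are placeholders.
SAMPLE_HCL = '''
policy "example-policy-a" {
  source            = "https://registry.terraform.io/PLACEHOLDER/example-policy-a.sentinel"
  enforcement_level = "advisory"
}

policy "example-policy-b" {
  source            = "https://registry.terraform.io/PLACEHOLDER/example-policy-b.sentinel"
  enforcement_level = "hard-mandatory"
}

# policy "commented-out" {
#   enforcement_level = "advisory"
# }

policy "example-policy-c" {
  source = "./policies/example-policy-c.sentinel"
}
'''

def non_blocking_policies(hcl_text):
    """Return (name, level, source) for every policy not set to a blocking level."""
    findings = []
    for name, body in POLICY_BLOCK.findall(hcl_text):
        attrs = dict(ATTRIBUTE.findall(body))
        # A missing enforcement_level is reported as "unset" so it gets reviewed.
        level = attrs.get("enforcement_level", "unset")
        if level not in BLOCKING_LEVELS:
            findings.append((name, level, attrs.get("source", "")))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HCL
    findings = non_blocking_policies(text)
    for name, level, source in findings:
        print(f"{name}: enforcement_level={level} source={source}")
    sys.exit(1 if findings else 0)
```

Run it against your sentinel.hcl before creating the policy set; a non-zero exit status means at least one policy still needs an explicit enforcement decision.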