Terraform security: 5 foundational practices
Learn about five practices to securely write, apply, and manage Terraform configuration and state.
HashiCorp at re:Inforce: Advancing Security Lifecycle Management with AWS
HashiCorp will be at AWS re:Inforce 2025 sharing expert talks, product demos, and news announcements.
Terraform ephemeral resources, Waypoint actions, and more at HashiDays 2025
HashiCorp Terraform, Waypoint, and Nomad continue to simplify hybrid cloud infrastructure with new capabilities that help secure infrastructure before deployment and effectively manage it over time.
Terraform adds new pre-written Sentinel policies for AWS Foundational Security Best Practices
HashiCorp and AWS introduced a new pre-written policy library to help organizations meet AWS’s Foundational Best Security Practices (FSBP).
Simplify policy adoption in Terraform with pre-written Sentinel policies for AWS
The new pre-written policy library co-developed by HashiCorp and AWS is now generally available, aiming to reduce the barrier of adoption for policy as code infrastructure workflows.
Fannie Mae’s process for developing policy as code with Terraform Enterprise and Sentinel
Learn how to implement the policy as code development lifecycle used in the highly regulated cloud environments at Fannie Mae.
Nomad 1.8 adds exec2 task driver, support for Consul API gateway, and transparent proxy
HashiCorp Nomad 1.8 introduces an exec2 driver, a refreshed UI for the jobs index page, Consul API gateway and transparent proxy support, and more.
Terraform Cloud adds on-demand policy evaluation
On-demand policy evaluation improves visibility and control by letting users evaluate the effects of policy changes in Terraform Cloud before they are enforced.
PKI certificate issuance flexibility with Vault CIEPS
HashiCorp Vault Enterprise 1.15 adds an external policy service for issuing PKI certificates. Learn about its benefits and how it compares to existing policy services.
Terraform Cloud now supports policy runtime version management
With this new feature, users can now select Sentinel or OPA versions when provisioning in Terraform Cloud.
6 ways Terraform can help secure your infrastructure
Secure your infrastructure by bridging skills gaps, enabling standard workflows, and enforcing policy guardrails with Terraform.
Sentinel and control groups now available in HCP Vault
HCP Vault Plus Clusters add support for Sentinel policies and control groups.
DevEx improvements in HashiCorp Sentinel
Recent releases of Sentinel have targeted improvements to the developer experience.
Terraform Cloud adds new Sentinel policy review UI
Introducing a more efficient, streamlined way of managing policy as code workflows in Terraform Cloud.
Native OPA Support in Terraform Cloud Is Now Generally Available
Native Open Policy Agent (OPA) support allows customers who have standardized on OPA to bring their policies into Terraform Cloud.
Introducing Sentinel Policies to the Terraform Registry (Beta)
Terraform Sentinel policies are now available in the Terraform Registry so you can publish policies you want to share and search the Registry for policies you need.
Terraform Cloud Run Tasks are Now Generally Available
Integrate security, compliance, and cost management into the Terraform Cloud workflow using Run Tasks. Now generally available.
Elegant Cert Governance with Vault Identity and Sentinel Policy
Learn how using policy as code to enforce governance for certificate creation inside HashiCorp Vault reduces cost of ownership and lowers risk.
Using Rich Return Types and Map Expressions in Sentinel 0.17
Sentinel 0.17 provides the ability to return non-boolean data within a policy. See examples of how to use this new functionality to improve compliance reporting capabilities.
Announcing HashiCorp Sentinel 0.16
Sentinel 0.16 unifies the policy authoring workflow by including HCL support and expanding the standard imports.
Using Sentinel's HTTP Import in HashiCorp Vault Enterprise
New Sentinel HTTP import capabilities in Vault Enterprise 1.5 enable new sophisticated governance policies. See it in action.
Announcing the Sentinel Playground
Today, the Sentinel team is pleased to announce the release of the Sentinel Playground. We have built the Playground so that new and existing customers have access to a zero-install development environment. Now, practitioners can learn and experiment with policy as code in minutes without having to install and maintain runtime environments on their own machines.
A guide to cloud cost optimization with HashiCorp Terraform
Engineers are becoming the new cloud financial controllers as finance teams begin to lose some of their direct control over new fast-paced, on-demand infrastructure consumption models driven by cloud. So the question becomes: What are the people, processes, and technologies I can use to navigate this sea change?
Using the Terraform Foundational Policies Library with Microsoft Azure
This demo explores how to use the Terraform Foundational Policies Library to apply pre-written policies, in accordance with the Center for Internet Security benchmarks, on a HashiCorp configuration for Microsoft Azure.
Using the Terraform Foundational Policies Library with GKE
This demo explores how to use the Terraform Foundational Policies Library to apply pre-written policies, in accordance with the Center for Internet Security benchmarks, on a HashiCorp configuration for Google Cloud Platform’s flavor of Kubernetes, GKE.
Announcing Terraform Foundational Policy Library Preview
HashiCorp Terraform provides cloud infrastructure automation with infrastructure and policies as code. Policy as code is becoming the popular approach to embedding guardrails into the provisioning workflow while not slowing down end-users who are provisioning infrastructure. Terraform uses Sentinel policy as code to embed these policies. Today we are pleased to announce the preview release of the Terraform Foundational Policies Library for Terraform Cloud.
Terraform Sentinel v2 Imports Are Now GA
Last month we announced a technical preview of the next generation of Sentinel imports in Terraform Cloud. We are now happy to announce the API is stable and generally available for use in production for Terraform Sentinel policies.
Terraform Sentinel v2 Imports Now in Technology Preview
We've released a tech preview of Sentinel's completely re-designed import API, which better reflects Terraform 0.12's updated data model.
Expanding the tfrun import for Sentinel in Terraform Enterprise and Cloud
Last November we announced the release of the tfrun import for Sentinel in Terraform Enterprise and Cloud. The release of the new tfrun import provided customers with an improved policy authoring workflow and the flexibility to author policies that could be applied to an entire organization and reduce the need for policy duplication. Since then we have had a steady flow of feedback from customers covering different use cases that prompted us to extend the list of attributes exposed by the tfrun import.
How AGL Uses HashiCorp Terraform Enterprise and Sentinel to Enable Cloud Native Capabilities
This is a guest blog case study by AGL Energy, Australia’s largest private developer of renewable energy assets. Hear how they use Terraform Enterprise and Sentinel policy as code.
Announcing tfrun import for Sentinel in Terraform Enterprise and Cloud
HashiCorp Terraform users who are implementing policy as code with HashiCorp Sentinel have been looking for improved ways to write policies that are broad enough to apply to their entire organizations while also being able to accomodate the detail or needs specific to individual groups within the organization. To help support this need, Sentinel policies now support enforcement decisions based on data from context in which policies are run.
Terraform Learning Resources: Getting Started with Sentinel in Terraform Cloud
The Sentinel Getting Started track on the Learn platform will teach new users policy vocabulary, how to build policies, creating policy sets, mocking and testing policies with the Sentinel Simulator, and using the Terraform Sentinel Provider.
Writing and Testing Sentinel Policies for Terraform Enterprise
We are excited to announce the publication of a new Writing and Testing Sentinel Policies for Terraform Enterprise Guide to our Resource Library. This comprehensive guide teaches you how to write and test governance policies that restrict the infrastructure provisioned by Terraform Enterprise.
Using Terraform to Improve Infrastructure Security Posture
In addition to providing for more rapid deployments, Terraform has features for securing those deployments and lowering risk.This blog will cover the features you can use to improve the security posture of your infrastructure: Sentinel policy as code, Terraform module registry, and HashiCorp Vault integration.
Applying Policy as Code to Kubernetes Resources
Using HashiCorp Terraform Enterprise and the Kubernetes provider we can apply fine-grained policy enforcement using Sentinel to Kubernetes resources, before the changes to the resources are applied on the cluster. This blog post explores using Sentinel in Terraform Enterprise to manage Kubernetes clusters and enforce Kubernetes service types and namespace naming conventions.
Using Sentinel Policy to enforce continuous deployment windows
In the same way that we can embed Sentinel into a pipeline to enforce policy for Terraform plans, or Vault secrets, we can also enforce policy in a continuous delivery pipeline. In this post, we are going to examine how Sentinel Policy and the Sentinel Simulator can be used to ensure your CD system only deploys your application within a specified time window.
TFE and Sentinel: Provisioning Policy for Data Sovereignty in the Cloud
Infrastructure as code with HashiCorp Terraform enables operators to automate provisioning at scale. This comes with risks, as every action can have larger effects. Sentinel policy as code places guardrails to protect users from creating infrastructure changes that fall outside of business, security, and compliance policies. This blog will take a look at writing and enforcing a policy using Terraform Enterprise to restrict provisioning resources in certain availability zones to ensure data sovereignty.
Why Policy as Code?
HashiCorp advocates for "infrastructure as code" approaches to managing infrastructure. We have talked about it publicly and published about it in our Tao of HashiCorp. At HashiConf 2017, we announced Sentinel, a framework for "policy as code". The same coding practices that are applied to infrastructure can be very effective in enforcing and managing policies. Codifying policy removes the need for ticketing queues, without sacrificing enforcement.
Sentinel and Terraform Enterprise: Applying policy as code to infrastructure provisioning
Infrastructure as code with HashiCorp Terraform enables operators to automate provisioning at scale. This comes with risks, as every action can have larger effects. Sentinel policy as code places guardrails to protect users from creating infrastructure changes that fall outside of business and/or regulatory policies.
Announcing Sentinel, HashiCorp’s Policy as Code Framework
Sentinel is an embedded policy as code framework in the HashiCorp Enterprise products to enable fine-grained, logic-based policy guardrails.
HashiCorp Announcements at HashiConf 2017
Today at HashiConf 2017 in Austin, Texas, we announced major updates and new features across our entire suite of open source and enterprise products, including HashiCorp Terraform, HashiCorp Vault, HashiCorp Consul, and HashiCorp Nomad. In addition to these product updates, we announced the release of Sentinel, our new policy as code framework that integrates across the Enterprise product suite, and the Terraform Module Registry, which provides example infrastructure templates to make provisioning across cloud environments easier, and so much more.