Terraform Cloud now supports policy runtime version management
With this new feature, users can now select Sentinel or OPA versions when provisioning in Terraform Cloud.
Policies are rules that HashiCorp Terraform Cloud enforces at the Terraform run phase that can help with security, compliance, and cost management. Policies can be defined in Terraform Cloud using Sentinel and the Open Policy Agent (OPA) policy as code frameworks.
Today, we are excited to announce a new feature that addresses a critical challenge faced by customers integrating policy as code with Terraform Cloud: policy runtime version management, which enables users to select a specific Sentinel or OPA runtime version for their policy sets. Pinning the policy runtime version gives Terraform Cloud users more control, flexibility, and stability in their policy deployments.
Policy runtime version management enables users to select specific policy as code runtime versions in Terraform Cloud to reduce the impact of version conflicts, unexpected upgrades, and bugs, making policy enforcement more stable and efficient.
» Policy versioning challenges
Previously, Terraform Cloud users were required to use the most recent version of Sentinel or OPA, which inconvenienced customers who prefer to pin their policy set to a particular policy engine’s runtime version. This limitation could become problematic when new versions of Sentinel or OPA introduced language changes or syntax conflicts, resulting in broken policies and leading to provisioning failures and delays.
» Introducing policy runtime version management
Policy runtime version management provides increased control over policy as code versioning in Terraform Cloud. By default, Terraform Cloud will still use the latest Sentinel or OPA version, but users can now select specific runtime versions from a list of previously supported releases.
![With policy runtime version management, Terraform Cloud users can select from a list of available runtime versions.](/_next/image?url=https%3A%2F%2Fwww.datocms-assets.com%2F2885%2F1696261528-image.png&w=3840&q=75)
» Getting started with policy runtime version management
To start managing policy runtime versions in Terraform Cloud, check out the policy runtime documentation.
You can get started with Terraform Cloud for free to begin provisioning and managing your infrastructure in any environment. And don’t forget to link your Terraform Cloud and HashiCorp Cloud Platform (HCP) accounts together for a seamless sign-in experience.