A new platform for documentation and tutorials is launching soon.
We are migrating Nomad documentation into HashiCorp Developer, our new developer experience.
»Command: sentinel apply
sentinel apply command is used to write a new, or update an existing,
Sentinel commands are new in Nomad 0.7 and are only available with Nomad Enterprise.
nomad sentinel apply [options] <Policy Name> <Policy File>
sentinel apply command requires two arguments, the policy name and the
policy file. The policy file can be read from stdin by specifying "-" as the
Sentinel commands are only available when ACLs are enabled. This command requires a management token.
-address=<addr>: The address of the Nomad server. Overrides the
NOMAD_ADDRenvironment variable if set. Defaults to
-region=<region>: The region of the Nomad server to forward commands to. Overrides the
NOMAD_REGIONenvironment variable if set. Defaults to the Agent's local region.
-no-color: Disables colored command output. Alternatively,
NOMAD_CLI_NO_COLORmay be set. This option takes precedence over
-force-color: Forces colored command output. This can be used in cases where the usual terminal detection fails. Alternatively,
NOMAD_CLI_FORCE_COLORmay be set. This option has no effect if
-no-coloris also used.
-ca-cert=<path>: Path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate. Overrides the
NOMAD_CACERTenvironment variable if set.
-ca-path=<path>: Path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate. If both
-ca-certis used. Overrides the
NOMAD_CAPATHenvironment variable if set.
-client-cert=<path>: Path to a PEM encoded client certificate for TLS authentication to the Nomad server. Must also specify
-client-key. Overrides the
NOMAD_CLIENT_CERTenvironment variable if set.
-client-key=<path>: Path to an unencrypted PEM encoded private key matching the client certificate from
-client-cert. Overrides the
NOMAD_CLIENT_KEYenvironment variable if set.
-tls-server-name=<value>: The server name to use as the SNI host when connecting via TLS. Overrides the
NOMAD_TLS_SERVER_NAMEenvironment variable if set.
-tls-skip-verify: Do not verify TLS certificate. This is highly not recommended. Verification will also be skipped if
-token: The SecretID of an ACL token to use to authenticate API requests with. Overrides the
NOMAD_TOKENenvironment variable if set.
-description: Sets a human readable description for the policy
-scope: (default: submit-job) Sets the scope of the policy and when it should be enforced.
-level: (default: advisory) Sets the enforcement level of the policy. Must be one of advisory, soft-mandatory, hard-mandatory.
Write a policy:
$ nomad sentinel write -description "My test policy" foo test.sentinel Successfully wrote "foo" Sentinel policy!