--- layout: docs page_title: Sentinel in Consul sidebar_current: docs-agent-sentinel description: >- Consul Enterprise uses Sentinel to augment the built-in ACL system to provide advanced policy enforcement. Sentinel policies can currently execute on KV modify and service registration. --- # Sentinel Overview [//]: # ' ~> The Sentinel functionality described here is available only in ' [//]: # ( [Consul Enterprise](https://www.hashicorp.com/products/consul/) version 1.0.0 and later. ) <%= enterprise_alert :consul %> Consul 1.0 adds integration with [Sentinel](https://hashicorp.com/sentinel) for policy enforcement. Sentinel policies help extend the ACL system in Consul beyond the static "read", "write", and "deny" policies to support full conditional logic and integration with external systems. ## Sentinel in Consul Sentinel policies are applied during writes to the KV Store. An optional `sentinel` field specifying code and enforcement level can be added to [ACL policy definitions](/docs/agent/acl-rules.html#sentinel-integration) for Consul KV. The following policy ensures that the value written during a KV update must end with "dc1". ```text key "datacenter_name" { policy = "write" sentinel { code = < 8 and time.now.hour < 17 } EOF } } ```