Terraform Enterprise (Sentinel)


Integrating Bridgecrew with Terraform Enterprise embeds Bridgecrew's library of hundreds of out-of-the-box policies into every workspace run. Bridgecrew scans the workspace plans you choose and displays the results both in Terraform Enterprise's Run's page and in the Bridgecrew platform.

Integration Overview

The integration requires setup in Bridgecrew Cloud, In your VCS or a local directory and inTerraform Enterprise.

  • In Bridgecrew Cloud, initiate the Integration, then enter the Terraform token and get integration snippets.
  • In your VCS or a local directory, create a copy of the two files we provide to configure the sentinel policy set.
  • In Terraform Enterprise, create a new Sentinel Policy that relies on the configuration files.

How to Integrate

Part 1 - In Bridgecrew Cloud

  1. From the Integrations Catalog, under CI/CD, select Terraform Enterprise (Sentinel).
  1. Generate a new API token for the integration and copy the token, then click Next.
  2. Enter your Terraform Enterprise domain URL (including the protocol prefix, like https://) and Terraform Enterprise User/Org token, then click Next.
  3. Create two new files named sentinel.hcl and bridgecrew.sentinel (in your VCS, or locally).
  4. Copy each of the code snippets into the new files respectively . Note that {PATH_TO_FILE} should be replaced with the actual path. After saving the files, click Next.




Part 2 In Terraform Enterprise

  1. Under Settings, Policy sets, press Connect a New Policy Set.
  2. Connect to the VCS and the repository where your new policy files are located or select No VCS connection if they are local .
  3. Enter a policy name (recommended: Bridgecrew) and description.
  4. Press Connect policy set.
  5. Once your policy set is connected, go to the settings for that Policy Set and under "Sentinel Parameters", click on Add parameter. Set the key as bc_api_key, copy the token below for the value and check the Sensitive option.

Create Sentinel Policy in Terraform Cloud

Part 3 In Bridgecrew Cloud

Select the organization to create the integration for, then click Next and Next again to complete the integration.


Note: after the next Terraform Enterprise scan, the scanned workspace will appear in the Integrations grid; for further details, see here.

Whenever a work plan update is triggered in Terraform Enterprise for the configured workspaces, Bridgecrew checks will be run. If the check fails, details are shown including a link to Bridgecrew Cloud for further details.

See Terraform Enterprise documentation for further details on Sentinel Policies.