I know Sentinel comes integrated in TFE, but is it possible to run Sentinel outside TFE?
While my institution does have TFE, we have some use cases where we run Terraform provisioning directly through CI/CD pipelines. Ideally, we would like to leverage Sentinel to enforce the policies too.
There’s a blog illustrating the use of Sentinel CLI to pull this off:
But I’m not exactly sure how the Sentinel CLI would know about the existence of the generated plan to do the policy check, since there’s no such thing as mock data outside of TFE.
Hmm… I assume if I use remote operations, then the state must be managed in a TFE workspace too? Currently, with our non-TFE work, the states are stored remotely in Google storage buckets.