CoursesAdvanced secrets managementIdentity, policy & multi-tenancy

Governance: Sentinel, control groups & namespaces

Policy-as-code guardrails, four-eyes approval, and hard multi-tenancy.

Expert35 min · lesson 8 of 15

ACL policies answer "can this identity touch this path?" Governance answers the harder questions: "should this action be allowed given the context?", "does it need a second approver?", and "how do we keep tenants truly isolated?" This is where secrets management meets policy-as-code and change control. The tools differ by product tier, but the patterns — conditional guardrails, multi-party approval, and hard multi-tenancy — are universal and worth designing for even if you implement them differently.

Conditional guardrails: Sentinel and OPA

ACLs are allow/deny on paths; guardrail policies add logic on top. Vault Enterprise’s Sentinel (and OPA-based equivalents in other systems) can enforce rules like "root-token generation only from the corporate CIDR", "no secret reads outside business hours for this role", or "MFA required for this mount." These are role-governing policies (evaluated on every request) and endpoint-governing policies (attached to specific paths). The point is that authorization becomes contextual — the same identity and path can be allowed or denied based on when, where, and how the request arrives.

sentinel — require MFA + corporate network for prod reads
import "sockaddr"
import "mfa"
# only from the corporate CIDR
cidr = rule { sockaddr.is_within(request.connection.remote_addr, "10.0.0.0/8") }
# and only with a validated MFA method
mfa_ok = rule { mfa.methods.duo.valid }
main = rule when request.path matches "secret/data/prod/.*" {
cidr and mfa_ok
}

Control groups: four-eyes on a secret

Some secrets should never be read by one person alone. Control groups require that a request be approved by one or more other authorizers before the secret is released: the requester asks, the request enters a pending state, designated approvers sign off, and only then can the requester unwrap the value. This is four-eyes for break-glass credentials, production root passwords, or customer-data keys — the audit trail records who asked, who approved, and when, turning a sensitive read into a reviewable event instead of a silent one.

Control-group (four-eyes) read
1request secret
enters pending, not released
2approver(s) authorize
N distinct identities sign off
3unwrap
requester retrieves the value
4audit record
who asked, who approved, when
High-value secrets become a reviewable transaction, not a one-person action.

Namespaces: hard multi-tenancy

Templated policy isolates paths within one tenant space; namespaces isolate entire Vaults-within-a-Vault. Each namespace has its own policies, auth methods, secret engines, and identities, delegated to a tenant team that administers it without seeing or touching the others. This is the difference between "soft" multi-tenancy (one policy mistake away from a leak) and "hard" multi-tenancy (a structural boundary). Use namespaces when tenants are true trust boundaries — separate business units, customers, or regulatory scopes — and delegate their administration so the central team is not a bottleneck.

Governance you cannot audit is theater
Sentinel rules, control groups, and namespace boundaries are only real if they are version-controlled, peer-reviewed, and monitored. Keep guardrail policies in Git with the same review gates as application code, alarm when a control group is bypassed or a namespace admin grants themselves new engines, and test the rules — a Sentinel policy that silently evaluates to allow because of a typo is worse than no policy, because everyone believes they are protected.