Company
Date Published
Author
Roger Berlind
Word count
1009
Language
English
Hacker News points
None

Summary

HashiCorp's Vault Enterprise 1.5 introduces an HTTP import for Sentinel, which makes it possible to write governance policies that neither traditional Access Control List (ACL) policies nor Vault's earlier Sentinel policies could express, because a policy can now look up data from Vault's own API while evaluating a request. The post uses this to enforce one such control: the subgroups and member entities of an identity group must belong to the group's own namespace or to one of its descendant namespaces. Two new Sentinel policies, get-namespace-map.sentinel and restrict-namespaces-of-group-members.sentinel, implement the restriction. The get-namespace-map policy uses the new HTTP import to query Vault's API endpoints and build a namespace map recording which namespace each entity and group belongs to; the restrict-namespaces-of-group-members policy then uses that map to check that every subgroup and member entity named in a request is in the same namespace as the group or in a descendant of it. The post shows how to apply the policies to specific Vault paths with the Vault UI, CLI, or HTTP API so that readers can test the controls in their own Vault clusters.
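As an added illustration, written for this page and not taken from the original post or from HashiCorp's policies, the Python below models the membership check that the restrict-namespaces-of-group-members policy is described as making. It takes a namespace map of the kind get-namespace-map is said to retrieve (entity ID and group ID to namespace path, here constructed sample data rather than output from a real Vault), plus a proposed group update whose field names mirror Vault's identity group API (`member_entity_ids`, `member_group_ids`), and reports every member whose namespace is neither the group's own namespace nor a descendant of it. Two details a practitioner would want are handled explicitly: the namespace comparison is done on whole path segments, so a namespace named team1 does not match team10, and an ID that is missing from the map is treated as a violation rather than silently allowed.

```python
"""Model of a namespace-scoping check for Vault identity-group membership.

Added example for this page; the namespace map and request payload below
are constructed sample data, not output from a real Vault cluster.
"""

from typing import Dict, List

# Constructed namespace map in the shape the page describes: which namespace
# each entity and group lives in. Vault namespace paths may appear with or
# without a trailing slash, so both forms occur here on purpose.
SAMPLE_NAMESPACE_MAP: Dict[str, Dict[str, str]] = {
    "entities": {
        "ent-a": "team1",
        "ent-b": "team1/app/",
        "ent-c": "team10",        # looks like a prefix match for "team1" but is not
    },
    "groups": {
        "grp-child": "team1/app",
        "grp-other": "ops",
    },
}

# Constructed update to a group that itself lives in namespace "team1".
SAMPLE_GROUP_NAMESPACE = "team1"
SAMPLE_REQUEST = {
    "member_entity_ids": ["ent-a", "ent-b", "ent-c", "ent-unknown"],
    "member_group_ids": ["grp-child", "grp-other"],
}


def _normalize(ns: str) -> str:
    """Canonical form: no leading slash, exactly one trailing slash, '' for root."""
    ns = ns.strip("/")
    return "" if ns == "" else ns + "/"


def is_same_or_descendant(parent_ns: str, child_ns: str) -> bool:
    """True if child_ns is parent_ns or lies anywhere beneath it.

    Both sides are normalized to a trailing slash before the prefix test, so
    the comparison is segment-wise: 'team1/' is a prefix of 'team1/app/' but
    not of 'team10/'. The root namespace ('') contains every namespace.
    """
    parent = _normalize(parent_ns)
    child = _normalize(child_ns)
    return parent == "" or child.startswith(parent)


def check_group_update(group_ns: str, request: Dict[str, List[str]],
                       ns_map: Dict[str, Dict[str, str]]) -> List[str]:
    """Return a list of violations for a proposed group update.

    An empty list means every listed subgroup and member entity belongs to
    group_ns or one of its descendants. IDs absent from the map are reported
    as violations so the check fails closed.
    """
    violations: List[str] = []
    checks = (
        ("entity", request.get("member_entity_ids", []), ns_map.get("entities", {})),
        ("group", request.get("member_group_ids", []), ns_map.get("groups", {})),
    )
    for kind, ids, lookup in checks:
        for member_id in ids:
            member_ns = lookup.get(member_id)
            if member_ns is None:
                violations.append(f"{kind} {member_id}: not present in namespace map")
            elif not is_same_or_descendant(group_ns, member_ns):
                violations.append(
                    f"{kind} {member_id}: namespace {member_ns!r} is outside {group_ns!r}"
                )
    return violations


def evaluate_sample() -> List[str]:
    """Run the check over the constructed sample request."""
    return check_group_update(SAMPLE_GROUP_NAMESPACE, SAMPLE_REQUEST, SAMPLE_NAMESPACE_MAP)


if __name__ == "__main__":
    problems = evaluate_sample()
    print("allowed" if not problems else "denied:")
    for line in problems:
        print("  " + line)
```

Run as a script, the sample request is denied with three findings (ent-c in team10, ent-unknown missing from the map, grp-other in ops) while ent-a, ent-b and grp-child pass. The Sentinel policy on the original page works against Vault's live request and namespace data rather than this in-memory model, but the segment-wise comparison and the fail-closed handling of unmapped IDs are the parts worth carrying over into any implementation.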