OPEN TALK: Securing Your Applications with Policy-As-Code and OPA


Peter ONeill
Styra, OPA Community Advocate

Peter is a community architect for Cloud Native Developer communities. He currently works as a Community Advocate for the OPA (Open Policy Agent) community. Previously, Peter held engineering positions at both early-stage startups and large-scale enterprises, among them Mozilla, Google Fiber, strongDM, and ThousandEyes.


Spinning up exact copies of your application in multiple regions is as easy as git commit and git push. Now security policies and decisions for these applications can be just as easy. Learn how to extend your GitOps workflow to include policy-as-code. By using Open Policy Agent to write your application policy and security, you can have the benefits of GitOps for your security policies.

The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy, powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. GitOps has become very popular over the last few years and has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies as policy-as-code and commit them to Git.

OPA is a general-purpose policy engine that comes with a dedicated, custom-built policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human-readable expressions. It comes equipped with over 150 built-in functions tailor-made for policy authoring. Together, OPA and Rego allow you to supercharge your policy-as-code workflow in a cloud-native way.

Join this talk to gain a general understanding of what policy-as-code is, learn the benefits of adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego.