Overview

Open Policy Agent (OPA) provides a high-level declarative language called Rego for defining policies. OPA can be used to control access to APIs, Kubernetes resources, CI/CD pipelines, and more, which decouples policy logic from the application code.

How it Works

  1. An application sends a Query (JSON data) to OPA.
  2. OPA evaluates the query against its Policies and Data.
  3. OPA returns a Decision (e.g., Allow/Deny, or a complex JSON object).
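
The three steps above, shown for the API authorization case as an added example (not from the original page or the OPA project). The package name, roles, grants and input shape are assumptions made for illustration.

```rego
# Added example: hypothetical package, roles and paths.
package httpapi.authz

import rego.v1

# Step 1, the Query. Constructed sample input the application would send:
#   {"user": {"name": "alice", "roles": ["viewer"]},
#    "method": "PUT", "path": ["reports", "2024"]}

# Step 2, Policies and Data. Fail closed: anything not granted is denied.
default allow := false

# Constructed grant table; in a deployment this would be loaded as OPA Data.
grants := [
	{"role": "viewer", "methods": ["GET"], "prefix": ["reports"]},
	{"role": "editor", "methods": ["GET", "PUT"], "prefix": ["reports"]},
	{"role": "admin", "methods": ["GET", "PUT", "DELETE"], "prefix": []},
]

# Roles presented in the query; empty when the field is missing.
presented_roles := object.get(input, ["user", "roles"], [])

allow if {
	some grant in grants
	grant.role in presented_roles
	input.method in grant.methods
	has_prefix(input.path, grant.prefix)
}

# True when `prefix` matches the leading segments of `path`.
has_prefix(path, prefix) if {
	count(prefix) <= count(path)
	array.slice(path, 0, count(prefix)) == prefix
}

# Step 3, the Decision: a JSON object rather than a bare boolean,
# so the caller can log why a request was denied.
decision := {"allow": allow, "reasons": reasons}

reasons contains "no roles presented" if count(presented_roles) == 0

reasons contains "no grant matches method and path" if {
	not allow
	count(presented_roles) > 0
}
```

With the policy saved as policy.rego and the sample input as input.json, `opa eval -d policy.rego -i input.json "data.httpapi.authz.decision"` evaluates the query locally.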

Use Cases

  • Kubernetes Admission Control: Ensuring pods meet security standards.
  • API Authorization: Deciding which users can access which endpoints.
  • Terraform Plan Validation: Checking for insecure infrastructure configurations.
