Policy-based control for cloud native environments

Empower your administrators with flexible, fine-grained control across the entire stack.

Unified

Decouple policy decisions from your services to achieve unified control across the entire stack with any language or service.

Declarative

Express policies in a high-level declarative language that promotes safe, fine-grained logic and enables powerful features such as impact analysis, hot reloading, query optimization, and more.

Context-aware

Leverage arbitrary external document-oriented data (JSON) in policies to ensure that important requirements are enforced throughout the organization.

Use Cases

OPA is a general-purpose policy engine that helps solve use cases ranging from authorization and admission control to resource placement. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help you get started.

Microservices

Deliver fine-grained access control across your microservice fleet.

Containers

Enforce important cost, security, and performance requirements in your platform layer.

Infrastructure

Extend policy-based control down to your infrastructure components with OPA.

Key Features

Decoupled

Administrators can manage policies dynamically without requiring changes to services.

Easy to Deploy

OPA has zero deployment dependencies. It runs as a daemon side-by-side with your service and shares its fate for the purposes of high availabilty.

Compatible

OPA’s RESTful APIs use JSON over HTTP so you can integrate OPA with your service no matter which programming language you use.

Responsive

OPA is designed from scratch with latency-sensitive applications in mind, enforcing policies with minimal performance impact.

Interactive

Anyone can use OPA’s interactive shell to quickly experiment with queries and data sets.

Embeddable

Services written with Go can use OPA as a library and do not need to run a separate daemon.