Policy-based control for cloud native environments

Empower your administrators with flexible, fine-grained control across the entire stack.


Decouple policy decisions from your services to achieve unified control across the entire stack with any language or service.


Express policies in a high-level declarative language that promotes safe, fine-grained logic and enables powerful features such as impact analysis, hot reloading, query optimization, and more.


Leverage arbitrary external document-oriented data (JSON) in policies to ensure that important requirements are enforced throughout the organization.

Use Cases

OPA is a general-purpose policy engine that helps solve use cases ranging from authorization and admission control to resource placement. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help you get started.


Deliver fine-grained access control across your microservice fleet.


Enforce important cost, security, and performance requirements in your platform layer.


Extend policy-based control down to your infrastructure components with OPA.

Key Features


Administrators can manage policies dynamically without requiring changes to services.

Easy to Deploy

OPA has zero deployment dependencies. It runs as a daemon side-by-side with your service and shares its fate for the purposes of high availabilty.


OPA’s RESTful APIs use JSON over HTTP so you can integrate OPA with your service no matter which programming language you use.


OPA is designed from scratch with latency-sensitive applications in mind, enforcing policies with minimal performance impact.


Anyone can use OPA’s interactive shell to quickly experiment with queries and data sets.


Services written with Go can use OPA as a library and do not need to run a separate daemon.