Manage OPA for Cloud-native Authorization

Manage Open Policy Agent at Scale

Ensure OPA policy is managed, maintained, distributed and monitored across the cloud-native stack

Styra Declarative Authorization Service was purpose-built by the founders of Open Policy Agent as the unified control plane for managing OPA in production.

Manage Policy As Code

Treat policy-as-code as a first class citizen in CI/CD

When policy is defined as code, it should be managed as code. GitOps defines the new way of continuous delivery for cloud-native environments. With Git as the source of truth for describing deployments, all change requests must be handled as code and maintained in the Git repository.

Styra DAS allows teams to author policy via the Styra UI, CLI or APIs, and then store the subsequent policies in Git. Styra also includes the ability to fetch policy bundles from Git and distribute them to the appropriate Open Policy Agent instances.

Validate Before Deployment

Ensure policy will have the intended effect before committing or deploying

Any change to authorization policy can result in broken access or broken apps. While GitOps peer reviews help eliminate errors, teams are only human, and cannot be expected to be perfect. Styra DAS was built specifically to manage critical OPA policy at scale, and that means proving a way to validate changes before committing them.

Since Styra DAS keeps a record of all previous policy decisions, teams can use the past to predict the future, and evaluate new policy changes automatically. This replay ability ensures that policy changes end up with expected results. Unit testing, compliance checking and policy output validation all mitigate the risk of human error, and prevent downtime or accidental risk.

Distribute OPA Policy

Eliminate time spent building custom policy distribution and storage

Arriving at a single policy often takes cross-functional coordination, communication and agreement. But maintaining consistent policy across teams, clusters, clouds and more shouldn’t be a superhuman task.

Styra DAS was designed from day one to manage and simplify policy distribution across OPA instances, wherever they are in the stack. Whether for application-level authorization like ACLS, RBAC, ABAC or IAM, for authorizing appropriate access to data, or for defining and evaluating infrastructure policy at the cloud/host or Terraform level—Styra DAS provides a streamlined solution for consistent deployments.

Monitor Authorization Decisions

Prove that policy is present, effective and performant both in real time, and historically

When policy-as-code is critical for security, compliance or privacy purposes, monitoring becomes critical. Outages or anomalous behavior should feed SIEMs and SecOps processes to speed rapid response and thwart attacks. Styra DAS provides real-time data to not only verify authorization performance, but also to provide early insights that can indicate business risk.

Communicating policy-as-code effectiveness across teams—especially teams of non-coders—can be a real challenge. That’s why Styra DAS also provides detailed decision logs that show the input and output of OPA policy decisions. Every decision can be displayed visually, and historical decisions can be replayed through current authorization policy to demonstrate where policy changes and updates have taken effect. Styra DAS lets teams prove the value of policy-as-code, even when auditors, security, or compliance teams aren't coders.