The Open Policy agent can be configured to consume policy bundles from remote HTTP servers, including support for AWS S3, Google Cloud Storage, and Azure Blog Storage.
As of version
v0.40.0, OPA can now consume policy bundles packaged as OCI images. This allows building and tagging OPA policies just like docker containers, including using tools like
cosign to sign those images and verify the signatures.
OCI images can be built using the
policy CLI, part of the Open Policy Registry project.
Read on for more details!