edge
Core Docs Introduction Philosophy Policy Language Policy Reference Policy Testing Policy Performance External Data Integrating OPA Extending OPA REST API CLI Intermediate Representation (IR) WebAssembly
Kubernetes Overview & Architecture Policy Primer via Examples Tutorial: Ingress Validation Debugging Tips
Envoy Overview & Architecture Policy Primer via Examples Tutorial: Standalone Envoy Tutorial: Gloo Edge Tutorial: Istio Performance Debugging Tips
Other Use Cases AWS CloudFormation Hooks Docker GraphQL APIs HTTP APIs Kafka SSH and sudo Terraform
Operations Configuration Deployment Monitoring Security Privacy Storage
Management APIs Overview & Architecture Bundles Decision Logs Status Discovery
Contributing How to contribute Contributing Docs Contributing Code Development Adding Built-in Functions
Miscellaneous OAuth2 and OIDC Samples Editor and IDE Support Comparison to Other Systems
Support FAQ OPA Ecosystem Enterprise
OPA Ecosystem Edit

Showcase of OPA integrations, use-cases, and related projects.

Integrations are ordered by the amount of related content.

Kubernetes Admission Control

Terraform Policy

Styra Declarative Authorization Service

Container Network Authorization with Envoy

Authorization for Java Spring Security

Kafka Topic Authorization

Aserto

Container Network Authorization with Istio (at the Edge)

Custom Application Authorization

Enterprise OPA

Fairwinds Insights Configuration Validation Software

Permit.io

HTTP API Authorization in PHP

Rönd

Strimzi (Apache Kafka on Kubernetes)

Topaz

Authorization Integration with Apache APISIX

AWS CloudFormation Hook

Ceph Object Storage Authorization

i2scim.io SCIM Restful User/Group Provisioning API

Kubernetes Authorization

Kubescape Kubernetes security posture scanner

OPAL (Open Policy Administration Layer)

Open Policy Registry

Pulumi

Regal - The Rego Linter

Scalr - Policy enforcement for Terraform

Spacelift

SPIRE

Torque

walt.id

Boomerang Bosun Policy Gating

Custom Bottle Application Authorization

Kubernetes Admission Control using Vulnerability Scanning

Cloudflare Worker Enforcement of OPA Policies Using WASM

Conftest -- Configuration checking

Container Signing, Verification and Storage in an OCI registry

Dapr

HTTP API Authorization in Dart

Docker controls via OPA Policies

Elasticsearch Data Filtering

fig

Flask-OPA

GCP audit with Forseti

Gloo API Gateway

Google Calendar

Google Kubernetes Engine (GKE)

Gradle Build Plugin

GraphQL

IPTables

Container Network Authorization with Istio (as part of Mixer)

API Gateway Authorization with Kong

Secure Kubernetes using eBPF & Open Policy Agent

SSH and Sudo Authorization with Linux

Magda

OAuth2

OpenID Connect (OIDC)

Open Service Mesh (OSM)

OpenFaaS Serverless Function Authorization

OPToggles (Open Policy Toggles)

Pomerium Access Proxy

Pre-commit hooks

Rekor transparency log monitoring and alerting

Reposaur

Sansshell

Spinnaker Pipeline Policy Enforcment

SQL Database Data Filtering

Terraform Cloud

Self-hosted Alternative to OPA Playground

Alluxio

ANTLR Grammar

ASP.NET Core

Awesome OPA List

AWS API Gateway

CircleCI

App authorization for Clojure

CoreDNS Authorization

Library-based Microservice Authorization

Easegress

Emissary-Ingress

fiber

Gluu Gateway Authorization

Custom Application with Field-level Authorization in Graphene GraphQL

Authorization for Java

Jenkins Job Trigger Policy Enforcement

Kubernetes Provisioning

Minio API Authorization

Nginx

NodeJS express

Automatically document Rego policies

Kubernetes Sysdig Image Scanner Admission Controller

Traefik API Gateway

ccbr