Code runs. Rules decide.
Open Policy Agent (OPA) is the foundation for enforcing Policy‑as‑Code across modern systems. It gives you a unified way to define, test, and deploy policies so they’re consistent everywhere—services, APIs, Kubernetes, CI/CD pipelines, and more.
OPA uses Rego, a purpose‑built policy language. Rego is declarative: you write what must be true, OPA evaluates it against input data, and decisions return in milliseconds. No hidden logic, no baked‑in rules inside applications. Policies live as version‑controlled code, reviewed like any other artifact.
Policy‑as‑Code means no manual gatekeeping, no ad hoc emails approving deployments. Every compliance rule, security check, and authorization path is automated. With OPA, governance is portable. You can run it as a sidecar, embed it in services, or call it over HTTP.
Common use cases:
- Authorization for microservices and APIs
- Admission control in Kubernetes clusters
- Preventing insecure infrastructure changes in Terraform
- Enforcing SOC 2 or HIPAA requirements across CI/CD workflows
Integration is direct. Feed OPA JSON input. Load policies from Git. Evaluate. OPA returns allow/deny along with rich explanations. Debugging is straightforward with the built‑in decision log and policy profiler.
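As an added example (not code from the original post or from the OPA project), the Kubernetes admission use case listed above can be written as a Rego policy that takes the AdmissionReview JSON as input and returns an allow decision plus the reasons for any denial. The package name, the `registry.example.com/` allow-list, the helper names and the sample pods in the tests are assumptions made for illustration.

```rego
package kubernetes.admission

import rego.v1

# Assumed allow-list for this example; real deployments load it as data.
approved_registries := {"registry.example.com/"}

# Each deny rule adds one human-readable reason to the decision.
deny contains msg if {
	some c in pod_containers
	c.securityContext.privileged == true
	msg := sprintf("container %q must not run privileged", [c.name])
}

deny contains msg if {
	some c in pod_containers
	not from_approved_registry(c.image)
	msg := sprintf("container %q: image %q is not from an approved registry", [c.name, c.image])
}

# Containers of the Pod under review; empty for any other kind of object.
pod_containers contains c if {
	input.request.kind.kind == "Pod"
	some c in input.request.object.spec.containers
}

from_approved_registry(image) if {
	some prefix in approved_registries
	startswith(image, prefix)
}

default allow := false

allow if count(deny) == 0

# Unit tests over constructed input (hypothetical pods, not real workloads).
review(containers) := {"request": {"kind": {"kind": "Pod"}, "object": {"spec": {"containers": containers}}}}

test_compliant_pod_allowed if {
	allow with input as review([{"name": "app", "image": "registry.example.com/app:1.4"}])
}

test_privileged_unapproved_pod_denied if {
	bad := review([{"name": "dbg", "image": "docker.io/tools:latest", "securityContext": {"privileged": true}}])
	reasons := deny with input as bad
	count(reasons) == 2
	not allow with input as bad
}
```

Saved as `policy.rego` (a hypothetical file name), the tests run with `opa test policy.rego`, which is the same review-and-test loop the post describes for policies kept in version control.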
The real power is scale. One policy can govern hundreds of systems. Update it once, roll it out everywhere. This is how you reduce drift, slash audit time, and harden security posture without slowing delivery.
Policy‑as‑Code is not theory anymore. OPA proves it works—fast, portable, reliable.
See it in action with hoop.dev. Deploy an OPA‑backed workflow in minutes. Watch policies make real‑time decisions you control.