One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.
Historically, Open Policy Agent (OPA) enforcement points have automatically consumed the most recently published policy bundle from Styra DAS, which has led to greater inherent risk in publishing policy bundles, as well as a need to roll forward through the traditional software development lifecycle around policy in the event that errant policy escapes to production workloads.
With the Styra DAS Bundle Registry, users have the option to manually select the exact policy bundle that is desired for deployment, as well as to manually rollback to the most recent previously deployed policy in a one-button break glass workflow, avoiding the friction of reauthoring or editing policy in the event of an emergency.
Bundle Registry is available to all customers of Styra DAS Enterprise, and more information on the feature can be found in its documentation. For more information on how Styra DAS can help manage policy across Kubernetes, infrastructure-as-code, microservices, and more, please visit our product page.
And as always, if you have any questions, please schedule a demo and we can get you started safely managing policy-at-scale today.
May 20, 2020
Microservices Authorization: Styra DAS moves up the stack