Policy as code

What is Policy as code?

Policy-as-code, similar to Infrastructure-as-code, is the concept of using declarative code to replace actions that require using a user interface. By representing policies in code, proven software development best practices can be adopted, such as version control, collaboration, and automation.

How does it work?

Once the Policy-as-code (PaC) mode is enabled, the only way to change the policies in your account is by publishing a YAML configuration file (policies.yaml) with the defined policies.

1. Enable Policy-as-code (PaC) mode

On the Settings page, toggle on the Policy-as-code switch.

Policy-as-code mode

2. Apply a new policies configuration

To change the policies in your account you will need to update the policies configuration YAML file (policies.yaml) and publish it:

Terminal

Once a new policy configuration file is published, it will override the existing policies set up in your account.

policies.yaml

You can export your policies configurations via the dashboard or write a new policies configuration YAML file from scratch:

  • name - the name of your policy (e.g. "staging")
  • isDefault - marks the policy to evaluate when the -policy flag is not used
  • identifier - unique rule ID (can also be found in the rule docs)
  • messageOnFailure - message to show when the rule is failing
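
Because a published file overrides the policies already set up in the account, it helps to lint the configuration before publishing. The check below is an added example, not code from the original page or the product. It assumes the parsed file has a top-level `policies` list whose items hold `name`, `isDefault` and a `rules` list, and that exactly one policy should be the default; the rule IDs in the sample are constructed placeholders.

```python
# Added example: lint a parsed policies configuration before publishing.
# Assumed layout (not shown on the page): a top-level "policies" list whose
# items hold "name", "isDefault" and a "rules" list of mappings.

def lint_policies(config):
    """Return human-readable problems found in a parsed policies.yaml."""
    policies = config.get("policies") if isinstance(config, dict) else None
    if not isinstance(policies, list) or not policies:
        return ["no policies defined"]
    problems, seen_names, defaults = [], set(), []
    for i, policy in enumerate(policies):
        if not isinstance(policy, dict):
            problems.append(f"policy #{i}: not a mapping")
            continue
        name = policy.get("name")
        if not isinstance(name, str) or not name.strip():
            problems.append(f"policy #{i}: missing name")
            name = f"#{i}"
        elif name in seen_names:
            problems.append(f"policy {name!r}: duplicate name")
        seen_names.add(name)
        if policy.get("isDefault") is True:
            defaults.append(name)
        # A rules list with every entry commented out (#) parses as None.
        rules = policy.get("rules") or []
        if not rules:
            problems.append(f"policy {name!r}: no active rules")
        seen_ids = set()
        for rule in rules:
            rid = rule.get("identifier") if isinstance(rule, dict) else None
            if not isinstance(rid, str) or not rid:
                problems.append(f"policy {name!r}: rule without identifier")
                continue
            if rid in seen_ids:
                problems.append(f"policy {name!r}: rule {rid!r} listed twice")
            seen_ids.add(rid)
            if not isinstance(rule.get("messageOnFailure", ""), str):
                problems.append(f"policy {name!r}: rule {rid!r} has a non-string messageOnFailure")
    # Assumption: exactly one policy should be the default.
    if len(defaults) != 1:
        problems.append(f"expected exactly one default policy, found {len(defaults)}")
    return problems

# Constructed sample: what a YAML parser would return for a flawed file.
SAMPLE = {"policies": [
    {"name": "staging", "isDefault": True, "rules": [
        {"identifier": "EXAMPLE_RULE_A", "messageOnFailure": "fix A"},
        {"identifier": "EXAMPLE_RULE_A", "messageOnFailure": "fix A"}]},
    {"name": "production", "isDefault": True, "rules": None},
]}
```

Running such a check in CI on every change to policies.yaml, and publishing only when it returns an empty list, keeps a malformed or empty policy from replacing the live ones.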

[Example] single policy configuration

policies.yaml

[Example] multiple policies configuration

policies.yaml

Disabling a rule from a policy

Delete the rule from the rules list property, or comment it out (#).

YAML

Default policies YAML file

policies.yaml