
Policy Repository Location

Step 3: Server config - policy repo location

The OPAL server is responsible for tracking policy changes and pushing them to OPAL clients.

At the moment, OPAL can track a git repository as the policy source.

(Mandatory) Repo location

Env Var Name | Function
OPAL_POLICY_REPO_URL
  • The URL where the policy repo is located.
  • Must be available from the machine running OPAL (opt for public internet addresses).
  • Supported URI schemes: https:// and ssh (i.e. git@).

(Optional) SSH key for private repos

If your tracked policy repo is private, you should declare this env var in order to authenticate and successfully clone the repo:

Env Var Name | Function
OPAL_POLICY_REPO_SSH_KEY
  • The content of the var is a private cryptographic key (i.e. an SSH key).
  • You will need to register the matching public key with your repo. For example, see the GitHub tutorial on the subject.
  • The passed value must be the contents of the SSH key on one line (replace each newline with an underscore, i.e. \n with _).
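
The one-line key encoding and the URL scheme rule above, as an added shell example (not OPAL project code). The function names, the temp key file and the repo URL are hypothetical, and the key body is a constructed placeholder, not a real key.

```bash
#!/bin/sh
# Added example, not OPAL project code. Function names are hypothetical.

# Print the key file as one line: every newline becomes "_".
# Refuses input that already contains "_", since the mapping would be ambiguous.
opal_key_one_line() {
  [ -r "$1" ] || { echo "cannot read key file: $1" >&2; return 1; }
  if grep -q '_' "$1"; then
    echo "key file contains '_'; refusing ambiguous encoding" >&2
    return 1
  fi
  tr -d '\r' < "$1" | tr '\n' '_'   # also drops CR from CRLF-edited files
}

# Local check only: inverse substitution, to confirm the round trip is lossless.
opal_key_restore() {
  printf '%s' "$1" | tr '_' '\n'
}

# Accept only the two forms named above: https:// and the ssh git@host:path form.
opal_repo_url_ok() {
  case $1 in
    https://?*|git@?*:?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed placeholder with the line layout of an OpenSSH key, NOT a real key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
( umask 077   # key file readable by its owner only
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'Q09OU1RSVUNURURQTEFDRUhPTERFUg==' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo_dir/id_demo" )

OPAL_POLICY_REPO_URL='git@github.com:example-org/policy-repo.git'  # hypothetical repo
opal_repo_url_ok "$OPAL_POLICY_REPO_URL" || echo "unsupported repo URL" >&2
OPAL_POLICY_REPO_SSH_KEY=$(opal_key_one_line "$demo_dir/id_demo")
export OPAL_POLICY_REPO_URL OPAL_POLICY_REPO_SSH_KEY

# Report the length only; never echo the key itself into logs or terminals.
echo "one-line key length: ${#OPAL_POLICY_REPO_SSH_KEY}"
```

The substitution is reversible for standard key files because neither the base64 alphabet nor the BEGIN/END marker lines contain an underscore; the guard in `opal_key_one_line` catches any file where that does not hold.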

(Optional) Clone/pull settings

For these config vars, the default values are fine in most cases:

Env Var Name | Function
OPAL_POLICY_REPO_CLONE_PATH | Where (i.e. base target path) to clone the repo in your docker filesystem (not important unless you mount a docker volume)
OPAL_POLICY_REPO_MAIN_BRANCH | Name of the git branch to track for policy files (default: `master`)