OPA decision logs
Definition
OPA (Open Policy Agent) decision logs are records of policy decisions made by OPA. These logs capture details such as the input to the policy, the decision outcome, and metadata like timestamps. Decision logs are crucial for auditing, debugging, and understanding policy behavior over time. They help ensure that policies are enforced as intended and provide insights into access patterns and potential security issues.
Secure Settings Example
# OPA configuration for enabling decision logs with secure settings
decision_logs:
plugin: "http"
reporting:
min_delay_seconds: 300
max_delay_seconds: 600
service: "decision-log-service"
services:
- name: "decision-log-service"
url: "https://logs.example.com"
credentials:
bearer:
token: "secure-token"
Insecure Settings Example
# OPA configuration with insecure decision log settings
decision_logs:
plugin: "http"
reporting:
min_delay_seconds: 0
max_delay_seconds: 0
service: "decision-log-service"
services:
- name: "decision-log-service"
url: "http://insecure-logs.example.com"
credentials:
bearer:
token: "insecure-token"