Creating a Policy

To create a new policy, use the policy init command:

policy init

You'll be asked to select a server. Assuming you've logged in to the Aserto Policy Registry, you'll be able to select from the following:

  #  SERVER
1 opcr.io
2 registry.prod.aserto.com

> Select server#:

If you haven't logged in to the Aserto Policy Registry, you'll only see the opcr option. After selecting a server, you'll be asked to confirm your choice or override it with a different value:

server: (registry.prod.aserto.com):

Hitting "Enter" will confirm your choice. Otherwise, provide a different value and hit "Enter".

Next, provide your username in the policy registry you've selected:

> user  : ([YOUR_USER_NAME]):

Provide the name of the secret containing the GitHub token you'd like to use (by default, the name should be GITHUB_TOKEN):

> github secret name: (GITHUB_TOKEN): GITHUB_TOKEN

Specify the name of the repository you'll be pushing the policy to:

> repo  : (): [YOUR-ORGANIZATION]/[POLICY-NAME]

The following directory structure will be created:

.
├── .github
│   ├── config.yaml
│   └── workflows
│       └── build-release-policy.yaml
├── .gitignore
└── src
    ├── .manifest
    └── policies
        └── hello.rego

Update the content of the policy as needed, then follow the steps to build, tag and push the policy to OPCR.
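
A check worth running before the build, tag and push steps, shown here as an added example (not part of the policy CLI or the Aserto documentation): it confirms that every path in the tree above exists and that no GitHub token value has been pasted into the scaffold, since the prompt only asks for the secret's name. The function name `check_policy_scaffold` and the token patterns (GitHub's published token prefixes) are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-init check of the scaffold created by `policy init`.
# The path list is copied from the directory tree on this page.

check_policy_scaffold() {
    root=${1:-.}
    rc=0

    # 1. Every path from the tree must exist.
    for path in \
        .github/config.yaml \
        .github/workflows/build-release-policy.yaml \
        .gitignore \
        src/.manifest \
        src/policies/hello.rego
    do
        if [ ! -e "$root/$path" ]; then
            echo "missing: $path"
            rc=1
        fi
    done

    # 2. The init prompt takes a secret *name*; a token value must never
    #    appear in the repository. Assumed patterns: GitHub's token prefixes
    #    (ghp_, gho_, ghu_, ghs_, ghr_) and fine-grained github_pat_ tokens.
    hits=$(grep -rlE \
        '(gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})' \
        "$root/.github" "$root/src" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "possible GitHub token committed in:"
        echo "$hits"
        rc=1
    fi

    return $rc
}
```

Call it as `check_policy_scaffold path/to/policy-repo`; a non-zero return means a file is missing or a token-like string was found, and the output names the offending path.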