Creating a Policy

To create a new policy, use the policy init command:

policy init

You'll be asked to select a server. Assuming you've logged in to the Aserto Policy Registry, you'll be able to select from the following:

  #  SERVER
  1  opcr.io
  2  registry.prod.aserto.com
> Select server#:

If you haven't logged in to the Aserto Policy Registry, you'll only see the opcr option. After selecting a server you'll be asked to confirm your choice, or otherwise override it with a different value:

server: (registry.prod.aserto.com):

Hitting "Enter" will confirm your choice. Otherwise, provide a different value and hit "Enter".

Next, provide your username in the policy registry you've selected:

> user  : ([YOUR_USER_NAME]):

Provide the name of the secret containing the GitHub token you'd like to use (by default, the name should be GITHUB_TOKEN):

> github secret name: (GITHUB_TOKEN): GITHUB_TOKEN

Specify the name of the repository you'll be pushing the policy to:

> repo  : (): [YOUR-ORGANIZATION]/[POLICY-NAME]

The following directory structure will be created:

.
├── .github
│   ├── config.yaml
│   └── workflows
│       └── build-release-policy.yaml
├── .gitignore
└── src
    ├── .manifest
    └── policies
        └── hello.rego

Update the content of the policy as needed, then follow the steps to build, tag and push the policy to OPCR.
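A pre-commit sanity check for the scaffold described above, as an added example that is not part of the policy CLI or the original page: it confirms the documented layout exists and that no literal GitHub token ended up in the generated files, since the prompt expects the secret's name rather than its value. The function name `check_policy_scaffold` is hypothetical, and the idea that a mistakenly pasted token would be written into the scaffold is an assumption.

```shell
#!/bin/sh
# Added example: sanity-check a directory scaffolded by `policy init`.
# The file list is the layout shown on this page. The token patterns are
# GitHub's token prefixes (ghp_, gho_, ghu_, ghs_, ghr_, github_pat_).
# Usage: check_policy_scaffold path/to/policy-repo
# Returns 0 if clean, 1 if a documented file is missing, 2 if a token is found.

check_policy_scaffold() {
    _dir=${1:-.}
    _rc=0

    # 1. Every path from the documented layout must exist.
    for _f in .github/config.yaml \
              .github/workflows/build-release-policy.yaml \
              .gitignore \
              src/.manifest \
              src/policies/hello.rego; do
        if [ ! -f "$_dir/$_f" ]; then
            echo "missing: $_f" >&2
            _rc=1
        fi
    done

    # 2. No generated file may contain a literal GitHub token.
    #    Assumption: a token pasted at the "github secret name" prompt
    #    would be written somewhere under .github/ or src/.
    _hits=$(grep -rIlE \
        '(gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{20,})' \
        "$_dir/.github" "$_dir/src" 2>/dev/null) || true
    if [ -n "$_hits" ]; then
        echo "literal GitHub token found in:" >&2
        echo "$_hits" >&2
        _rc=2
    fi

    return "$_rc"
}
```

If the check returns 2, revoke the exposed token on GitHub and re-run `policy init` with the secret's name instead.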