Terraform enterprise with OPA: How we reduced toil and improved security
Open Policy Agent (OPA) has gained a lot of popularity over the past couple of years, but most users still limit its use towards software security and regard it as a "security tool".
I respectfully disagree. OPA (with rego) is able to access any structured data (JSON, YAML, objects), and offload validations, checks and restrictions from Apps to an external tool (OPA).
For this talk, I will be covering a used case on how such "validation/check offload" was implemented with Terraform Enterprise. With this, we were able to cut down dev toil by over 35% and included ways to catch what would otherwise be disastrous events (which would not have been caught by humans).
The audience will benefit from the expansive use of OPA and hopefully find other uses for it.