Philipp Krenn
OPA for the cloud natives
#1 (about 3 minutes)
Decoupling security checks from application deployment
Traditional embedded security checks are hard to audit and maintain, so decoupling them as policy-as-code enables continuous validation and simplifies compliance.
#2 (about 3 minutes)
Shifting security left to prevent incidents before deployment
Proactively catching security violations in the CI pipeline is far better than reacting to incidents in production, moving beyond tribal knowledge to codified policies.
#3 (about 3 minutes)
Introducing the Open Policy Agent (OPA) and Rego
OPA is a CNCF graduated project that provides a unified way to enforce policies across APIs using a custom declarative language called Rego.
#4 (about 3 minutes)
Writing basic Rego policies for common use cases
Simple Rego policies can enforce rules like user data access control, manager hierarchies, or ensuring Kubernetes pods use a trusted container registry.
#5 (about 5 minutes)
Using the OPA Playground to test and debug policies
The OPA Playground provides an interactive environment for writing, testing, and debugging Rego policies against sample input data, such as Kubernetes configurations.
#6 (about 2 minutes)
Exploring OPA deployment patterns and advanced use cases
OPA can be deployed as a Go library or a sidecar daemon, enabling advanced use cases like validating Elasticsearch queries to enforce fine-grained data access control.
#7 (about 3 minutes)
Automating infrastructure compliance with CIS benchmarks
OPA policies can codify Center for Internet Security (CIS) benchmarks to continuously scan Kubernetes clusters for misconfigurations and security vulnerabilities.
#8 (about 3 minutes)
Addressing performance and adoption challenges with OPA
While powerful, OPA adoption can be hindered by the complexity of writing performant queries and the learning curve associated with its custom language, Rego.
#9 (about 3 minutes)
Answering audience questions about OPA and Rego
The Q&A covers Rego's support for JSON and YAML, deployment options on bare metal or VMs, and potential integrations with APIs like GraphQL.