OPAL on Ubuntu 24.04 LTS

Azure Security

OPAL, the Open Policy Administration Layer, keeping authorization policy in sync across your services in real time.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Overview

OPAL, the Open Policy Administration Layer, keeps authorization policy and the data it reasons over continuously up to date. You keep policy in a git repository; OPAL watches it and pushes every change out to Open Policy Agent the moment it is committed, so applications asking for an authorization decision always get an answer based on the current rules, with no redeploy and no restart.

OPAL on its own is infrastructure rather than a finished system, so this image ships a complete single node appliance: OPAL server, OPAL client and Open Policy Agent, installed, wired together and answering decisions from first boot, with a working example policy repository you can repoint at your own.

Why the cloudimg image

cloudimg ships the whole appliance assembled and proven rather than a bare component, with OPAL installed into an isolated virtual environment and the exact resolved dependency set recorded inside the image. It is secure by default and ships no shared credential: Open Policy Agent is bound to loopback so its unauthenticated API can never be reached, the exposed decision endpoint sits behind nginx with TLS and HTTP basic authentication, and on first boot every instance generates its own master token, signing keypair, client token, certificate and password into a root only file. A built in self test proves the policy round trip end to end, and every instance is backed by a paired deploy guide and 24/7 support.

Common uses

  • Distribute authorization policy changes across services in real time
  • Run Open Policy Agent with policy managed from a git repository
  • Centralise access control decisions for your applications