Open Policy Agent is an _Open Source_ generalized policy engine allowing to specify your security policies in a declarative form, for your whole heterogenous IT infrastructure. Policies can be expressed in the Rego declarative language independently of the individual subsystems of your infrastructure.

OPA, pour les intimes, can be used to validate files such as the output of a Terraform plan, provide access control for a web server or API, or for a container orchestration system.

We will look at Rego the language used to express policy and how OPA might be used to enforce policy for

- a web server
- a Kubernetes cluster
- a Terraform plan
- a web site through the use of WebAssembly