The Policy Decision Point (AKA PDP) is responsible for making authorization decisions and is typically installed and maintained in your environment. build.security PDP can run in a variety of architectures.
In order for the decision engine to work, it is required:
Communicate with a build.security control plane to:
Pull the latest up-to-date project configuration changes
Send decision logs.
Communicate with your organizational databases on which the decisions rely.
Communicate with the applications which are based on the decision engine in enforcing permissions (detailed in the PEP section).
Following is a list of environment variables that you can use to configure a PDP at runtime:
Environment variable name
API key used by the PDP to authenticate with the build.security control plane
API secret used by the PDP to authenticate with the build.security control plane
Control plane address used by the PDP
The PDP log level.
The Git commit SHA used for pulling specific policies. This feature assumes git integration is enabled as the control plane needs the ability to pull and serve the specific policies and configurations to the PDP.
To deploy your PDP properly, use the relevant installation instructions for your environment.