PDP Deployments

The Policy Decision Point (PDP) is responsible for making authorization decisions and is typically installed and maintained in your environment. The build.security PDP can run in a variety of architectures.

For the decision engine to work, the PDP must be able to:

  1. Communicate with a build.security control plane to:

     • Pull the latest project configuration changes

     • Send decision logs

  2. Communicate with your organizational databases on which the decisions rely.

  3. Communicate with the applications that rely on the decision engine to enforce permissions (detailed in the PEP section).

Policy Decision Points

Environment Variables

Following is a list of environment variables that you can use to configure a PDP at runtime:

| Environment variable name | Description |
| --- | --- |
| API_KEY | API key used by the PDP to authenticate with the build.security control plane |
| API_SECRET | API secret used by the PDP to authenticate with the build.security control plane |
| CONTROL_PLANE_ADDRESS | Control plane address used by the PDP |
| PDP_LOG_LEVEL | The PDP log level: debug or error. Default is error. |
| BUNDLE_COMMIT | The Git commit SHA used for pulling specific policies. This feature assumes Git integration is enabled, as the control plane needs the ability to pull and serve the specific policies and configurations to the PDP. |
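
A pre-start check for the variables listed above, as an added example that is not part of the build.security documentation or product. It assumes that API_KEY, API_SECRET and CONTROL_PLANE_ADDRESS are required and that BUNDLE_COMMIT, when set, is a full 40-character hexadecimal SHA; the function name pdp_env_check is hypothetical.

```shell
# Added example: pre-start check for the PDP environment variables.
# Assumptions (not stated by the page): API_KEY, API_SECRET and
# CONTROL_PLANE_ADDRESS are required, and BUNDLE_COMMIT, when set, is a
# full 40-character hexadecimal Git commit SHA.

# Reports each problem on stderr by variable name only, so secret values
# never reach logs. Returns 0 when the environment is usable.
pdp_env_check() {
    problems=0

    # Credentials and control plane address must be present and non-empty.
    for name in API_KEY API_SECRET CONTROL_PLANE_ADDRESS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "pdp_env_check: $name is not set" >&2
            problems=$((problems + 1))
        fi
    done
    unset value

    # The page documents two log levels; unset falls back to the default.
    case "${PDP_LOG_LEVEL:-error}" in
        debug|error) ;;
        *)
            echo "pdp_env_check: PDP_LOG_LEVEL must be debug or error" >&2
            problems=$((problems + 1))
            ;;
    esac

    # Reject a malformed commit reference (assumed format: full hex SHA).
    if [ -n "${BUNDLE_COMMIT:-}" ]; then
        case "$BUNDLE_COMMIT" in
            *[!0-9a-fA-F]*) sha_ok=0 ;;
            *) if [ "${#BUNDLE_COMMIT}" -eq 40 ]; then sha_ok=1; else sha_ok=0; fi ;;
        esac
        if [ "$sha_ok" -eq 0 ]; then
            echo "pdp_env_check: BUNDLE_COMMIT is not a 40-character hex SHA" >&2
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ]
}
```

Call pdp_env_check before launching the PDP process or container and abort on a non-zero status.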

Supported Environments

To deploy your PDP properly, use the relevant installation instructions for your environment.

  • Standalone

  • Docker

  • Kubernetes