https://cerbos.dev logo
#help
Title
# help
m

Michael

06/02/2023, 10:25 AM
Is it possible to use environment variables in policies? Something like
expr: P.attr.foo = env["FOO"]
?
a

Andrew Haines (Cerbos)

06/02/2023, 11:05 AM
It's not possible to access environment variables but you can pass them from your application as part of the resource attributes. Am I understanding correctly that you'd like to set environment variables for the Cerbos PDP server and use them in policies? Can you explain the use case?
m

Michael

06/02/2023, 1:13 PM
Basically, yes. I was hoping to pull information from the PDP environment directly, instead of having to collect them, pass them to the PDP via the PEP. We have some special compliance related policies, that depend on some deployment environment constraints.
a

Andrew Haines (Cerbos)

06/02/2023, 1:16 PM
I guess the other option would be to have environment-specific policies (potentially using some kind of YAML templating tool)... not sure if that is better or worse than collecting and passing the properties to the PDP though, depends on your setup!
m

Michael

06/02/2023, 1:18 PM
That's our current work-around... It feels wrong, though 🙂 Would you guys be interested in a PR for such a feature?
a

Andrew Haines (Cerbos)

06/02/2023, 2:45 PM
I've raised a feature request to discuss possible ways that we could handle this use case - not 100% sold on exposing all of the environment variables to the policies, but I have a proposal on the ticket that would allow specific variables to be made available. Feel free to chime in on the ticket if you have any thoughts on it!
m

Michael

06/05/2023, 5:40 AM
Great, Thank You!
9 Views