Skip to main content

Integrating with Envoy

Enterprise OPA can be used with Envoy as an External Authorization filter, and supports configuration in the same manner as the open source OPA-Envoy plugin.


Enterprise OPA supports all of the same configuration options from OPA-Envoy. An example configuration snippet enabling the plugin and several of its features is shown below:

addr: :9191 # default `:9191`
path: envoy/authz/allow # default: `envoy/authz/allow`
dry-run: false # default: false
enable-reflection: false # default: false
grpc-max-recv-msg-size: 40194304 # default: 1024 * 1024 * 4
grpc-max-send-msg-size: 2147483647 # default: max Int
skip-request-body-parse: false # default: false
enable-performance-metrics: false # default: false. Adds `grpc_request_duration_seconds` prometheus histogram metric

See the OPA-Envoy docs for additional information.