opa run
Start OPA in interactive or server mode
Options
| Name | Description |
|---|---|
--addr, -a <addr> | Set listening address of the server (e.g., [ip]:<port> for TCP, unix://<path> for UNIX domain socket) |
--authentication <authentication> | Set authentication scheme |
--authorization <authorization> | Set authorization scheme |
--bundle, -b | Load paths as bundle files or root directories |
--config-file, -c <config-file> | Set path of configuration file |
--diagnostic-addr <diagnostic-addr> | Set read-only diagnostic listening address of the server for /health and /metric APIs (e.g., [ip]:<port> for TCP, unix://<path> for UNIX domain socket) |
--exclude-files-verify <exclude-files-verify> | Set file names to exclude during bundle verification |
--format, -f <format> | Set shell output format, i.e, pretty, json |
--h2c | Enable H2C for HTTP listeners |
--history, -H <history> | Set path of history file |
--ignore <ignore> | Set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) |
--log-format <log-format> | Set log format |
--log-level, -l <log-level> | Set log level |
--max-errors, -m <max-errors> | Set the number of errors to allow before compilation fails early |
--min-tls-version <min-tls-version> | Set minimum TLS version to be used by OPA's server |
--pprof | Enables pprof endpoints |
--ready-timeout <ready-timeout> | Wait (in seconds) for configured plugins before starting server (value <= 0 disables ready check) |
--scope <scope> | Scope to use for bundle signature verification |
--server, -s | Start the runtime in server mode |
--set <set> |
|
--set-file <set-file> |
|
--shutdown-grace-period <shutdown-grace-period> | Set the time (in seconds) that the server will wait to gracefully shut down |
--shutdown-wait-period <shutdown-wait-period> | Set the time (in seconds) that the server will wait before initiating shutdown |
--signing-alg <signing-alg> | Name of the signing algorithm |
--skip-verify | Disables bundle signature verification |
--skip-version-check | Disables anonymous version reporting (see: https://openpolicyagent.org/docs/latest/privacy) |
--tls-ca-cert-file <tls-ca-cert-file> | Set path of TLS CA cert file |
--tls-cert-file <tls-cert-file> | Set path of TLS certificate file |
--tls-cert-refresh-period <tls-cert-refresh-period> | Set certificate refresh period |
--tls-private-key-file <tls-private-key-file> | Set path of TLS private key file |
--verification-key <verification-key> | Set the secret (HMAC) or path of the PEM file containing the public key (RSA and ECDSA) |
--verification-key-id <verification-key-id> | Name assigned to the verification key used for bundle verification |
--watch, -w | Watch command line files for changes |
--help, -h | Help for run |