opa run

Start OPA in interactive or server mode

Options

NameDescription
--addr, -a <addr>Set listening address of the server (e.g., [ip]:<port> for TCP, unix://<path> for UNIX domain socket)
--authentication <authentication>Set authentication scheme
--authorization <authorization>Set authorization scheme
--bundle, -bLoad paths as bundle files or root directories
--config-file, -c <config-file>Set path of configuration file
--diagnostic-addr <diagnostic-addr>Set read-only diagnostic listening address of the server for /health and /metric APIs (e.g., [ip]:<port> for TCP, unix://<path> for UNIX domain socket)
--exclude-files-verify <exclude-files-verify>Set file names to exclude during bundle verification
--format, -f <format>Set shell output format, i.e, pretty, json
--h2cEnable H2C for HTTP listeners
--history, -H <history>Set path of history file
--ignore <ignore>Set file and directory names to ignore during loading (e.g., '.*' excludes hidden files)
--log-format <log-format>Set log format
--log-level, -l <log-level>Set log level
--max-errors, -m <max-errors>Set the number of errors to allow before compilation fails early
--min-tls-version <min-tls-version>Set minimum TLS version to be used by OPA's server
--pprofEnables pprof endpoints
--ready-timeout <ready-timeout>Wait (in seconds) for configured plugins before starting server (value <= 0 disables ready check)
--scope <scope>Scope to use for bundle signature verification
--server, -sStart the runtime in server mode
--set <set>
  • Repeatable ♾
--set-file <set-file>
  • Repeatable ♾
--shutdown-grace-period <shutdown-grace-period>Set the time (in seconds) that the server will wait to gracefully shut down
--shutdown-wait-period <shutdown-wait-period>Set the time (in seconds) that the server will wait before initiating shutdown
--signing-alg <signing-alg>Name of the signing algorithm
--skip-verifyDisables bundle signature verification
--skip-version-checkDisables anonymous version reporting (see: https://openpolicyagent.org/docs/latest/privacy)
--tls-ca-cert-file <tls-ca-cert-file>Set path of TLS CA cert file
--tls-cert-file <tls-cert-file>Set path of TLS certificate file
--tls-cert-refresh-period <tls-cert-refresh-period>Set certificate refresh period
--tls-private-key-file <tls-private-key-file>Set path of TLS private key file
--verification-key <verification-key>Set the secret (HMAC) or path of the PEM file containing the public key (RSA and ECDSA)
--verification-key-id <verification-key-id>Name assigned to the verification key used for bundle verification
--watch, -wWatch command line files for changes
--help, -hHelp for run