Skip to main content

Policy

Summary

The policy block inside a route definition defines the authorization policy applied to a route. Policies are defined using Pomerium Policy Language (PPL), a yaml-based markup designed to be easier to read and implement compared to current alternatives.

See Pomerium Policy Language for a full explanation of how to write policies in PPL.

How to configure

YAML/JSON settingTypeUsage
policystringoptional

Examples

routes:
- from: https://verify.localhost.pomerium.io
to: http://verify:8000
policy:
- allow:
and:
- domain:
is: pomerium.com
- user:
is: user

# ingress
ingress.pomerium.io/policy: |
allow:
and:
- domain:
is: pomerium.com
- user:
is: user