Migrating Policy Delivery Engines with (almost) Nobody Knowing

1 · Pinterest · Jan. 26, 2024, 8:35 p.m.
Jeremy Krach | Staff Security Engineer, Platform SecurityBackgroundSeveral years ago, Pinterest had a short incident due to oversights in the policy delivery engine. This engine is the technology that ensures a policy document written by a developer and checked into source control is fully delivered to the production system evaluating that policy, similar to OPAL. This incident began a multi-year journey for our team to rethink policy delivery and migrate hundreds of policies to a new distributi...