Policy Store

The policy store holds a collection of customized policies for your workflows, allowing you to easily manage and update policies in a single location.

Steps To Create and Use a Policy

Step 1: Navigate to the Policy Store

Open StepSecurity, then navigate to the Harden Runner section and click on Policy Store

Step 2: Click "Create policy"

Step 3: Create a New Policy

Enter a policy name.
Configure the policy settings (e.g., allowed endpoints, telemetry settings).
Click Add Policy to save.

StepSecurity Policy Store page showing how to create a new policy

Step 4: Apply the Policy in Your Workflow

Remove any existing manual policy configurations.
Add the policy name under the Harden Runner step.
Ensure id-token: write permission is explicitly set in your workflow file. This permission is required to authenticate with the StepSecurity backend API and fetch the policy.

Here’s an example:

name: CI

on:
  pull_request:

permissions:
  contents: read
  id-token: write

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.0
      with:
        policy: Test-policy

Step 5: Verify the Integration

Run a test workflow to ensure the policy is applied correctly.

PreviousSuppression Rules NextSelf-Hosted Runners

Last updated 3 months ago

Was this helpful?