Policy Store

The policy store holds a collection of customized policies for your workflows, allowing you to easily manage and update policies in a single location.

Steps To Create and Use a Policy

Step 1: Navigate to the Policy Store

  • Open StepSecurity, navigate to the Harden Runner section, and click Policy Store.

StepSecurity Policy Store page

Step 2: Click "Create policy"

StepSecurity Policy Store page

Step 3: Create a New Policy

  • Enter a policy name.

  • Configure the policy settings (e.g., allowed endpoints, telemetry settings).

  • Click Add Policy to save.

StepSecurity Policy Store page showing how to create a new policy

Step 4: Apply the Policy in Your Workflow

  • Remove any existing manual policy configurations.

  • Add the policy name under the Harden Runner step.

  • Ensure the id-token: write permission is explicitly set in your workflow file. It is required so the Harden Runner step can authenticate to the StepSecurity backend API and fetch the policy.

Here’s an example:

name: CI

on:
  pull_request:

permissions:
  contents: read
  id-token: write   # required for the Harden Runner step to fetch the policy

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.0
      with:
        policy: Test-policy   # name of the policy created in the Policy Store

Step 5: Verify the Integration

  • Run a test workflow to ensure the policy is applied correctly.
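As an added illustration of Step 4 (this is not from the StepSecurity documentation), the workflow below shows a Harden Runner step configured manually in the workflow file next to the replacement step that references a Policy Store policy by name. Only one Harden Runner step belongs in a job; both are listed here for comparison, and the endpoint list and policy name are constructed values.

```yaml
name: CI

on:
  pull_request:

permissions:
  contents: read
  id-token: write   # needed to authenticate to StepSecurity and fetch the policy

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # BEFORE: manual policy configuration kept in the workflow file.
      # These inputs are what Step 4 tells you to remove; once the same
      # settings live in the Policy Store they are managed in one place.
      - name: Harden Runner (manual configuration, remove when migrating)
        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.0
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
          disable-sudo: true

      # AFTER: the controls are defined once in the Policy Store and
      # referenced by name; the step fetches them using the OIDC token
      # granted by id-token: write above.
      - name: Harden Runner
        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.0
        with:
          policy: Test-policy   # the policy name entered in Step 3

      - name: Build
        run: make build
```

If a step still carries manual inputs alongside policy, it has not been fully migrated; remove them so the Policy Store is the single source of truth.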
