What is Policy as Code?
Policy as Code (PaC) lets you define Charley security policies in YAML files, store them in Git, and deploy them automatically through CI/CD — the same way teams manage infrastructure as code. Instead of clicking through the dashboard, you declare policies in files, preview diffs before applying, and have a full audit trail in git history.Why Use It?
| Dashboard | Policy as Code |
|---|---|
| Point-and-click, immediate | Declared in code, reviewed in PRs |
| No audit trail beyond logs | Every change is a git commit |
| Per-session changes | Idempotent apply — same input = same result |
| Manual rollback | git revert to any prior state |
| Good for one-offs | Scales to hundreds of groups and devices |
How It Works
Theagent-charley-cli CLI (and Python SDK) communicate with the Charley API using an API key — separate from your dashboard login. On each run:
- Plan — fetch current server state, diff against local files, print what would change
- Apply — apply the diff, skipping unchanged policies
apply twice produces the same result as running it once.
Scope Hierarchy
Policies merge from broadest to most specific:Getting Started
Install & First Policy
Install the CLI and deploy your first policy in 5 minutes
API Keys
Create and manage API keys for the CLI and SDK
Policy Reference
Full reference for all policy types and fields
Examples
Ready-to-use templates for common setups
CI/CD Integration
The most common setup runsplan on pull requests and apply on merge to main:
read_only key (ck_ro_...) for the plan step and a read_write key (ck_live_...) for the apply step.