GoKawiilclawpatrol
The security firewall for agents.
Claw Patrol sits between your agents and prod, parses their traffic at the wire, and gates each action against rules you write in HCL. For example, you can block destructive SQL, or pause kubectl delete pod until a human approves it before the request reaches Kubernetes.
For the full overview see clawpatrol.dev.
Install
curl -fsSL https://clawpatrol.dev/install.sh | sh
From source: make (requires Go and Node.js).
A rule
A real rule from our own production config:
rule "k8s-no-secrets" { endpoint = k8s - prod condition = " k8s.resource == 'secrets' " verdict = " deny " reason = " Secret values must not leave the cluster via the agent " }
... continue reading