Since our early days of helping developers add fine-grained authorization with [Permit.io](<a href="http://permit.io/" rel="nofollow">http://permit.io/</a>), we've encountered two recurring questions from users:<p>1. How to manage the policy configuration natively within the existing SDLC.<p>2. How to maintain decoupling between the control plane (policy configuration) and the data plane (application context for decision-making).<p>In fact, both of these questions are not only relevant to fine-grained authorization. The right way to solve them in a cloud-native manner is to use Infrastructure as Code (IaC). This ensures that the configuration is kept with other software components and keeps the application code clean from the application configuration. Hence, we released a Terraform provider to configure Permit’s fine-grained authorization as a first step to support configuration via IaC.<p>As for the next steps on our roadmap, we are considering two options. First, releasing more IaC providers (Pulumi, etc.). Second, enhancing the current provider to support more policy engines and policy configurations. For that, we would be happy to hear your thoughts and learn which direction interests you more.<p>We would also appreciate any comments on the code itself and the approach we took. The code of the provider is open for the community review in the HN link.<p>TIA