Policy and procedure documents can be managed in code, checked into a Git repo, such that the Git Pull Request (PR) process can be leveraged for revisions and reviews.
JupiterOne provides a command line for this purpose.
Installing and Building
Run the following command to install and build the policies for the first time:
npm install -g @jupiterone/jupiter-policy-builder mkdir my-company-policies cd my-company-policies psp build
You will be prompted for a few input, such as company name, to be included in your policy text.
When prompted to save the config to a file, enter
config.json (or your custom
path). This will allow you to reference the populated configurations the next
time you'd like to rebuild the policies and procedures.
This will create the following contents in your current directory:
For details of these files and their usage, see JupiterOne Policies Structure.
Editing and Rebuilding
To edit the policies and procedures, use the template files in
psp build command. Do not edit the
files directly as they will be overwritten on the next build.
psp build -t ./templates -c path/to/your/config.json
Run the following command to publish your policies and procedures to your JupiterOne account. You will need to generate an API key for your user and the user needs to have policies admin permissions.
export J1_ACCOUNT=<your_j1_account_id> export J1_API_KEY=<your_user_api_key> psp publish -a $J1_ACCOUNT -k $J1_API_KEY -t ./templates -c ./config.json
For additional details and advanced options, see the README here.