> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kosli.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.kosli.com/feedback

```json
{
  "path": "/terraform-reference/resources/policy",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# kosli_policy resource

> Manages a Kosli policy. Policies define artifact compliance requirements that can be attached to environments.

Manages a Kosli policy. Policies define artifact compliance requirements (provenance, trail-compliance, attestations) that can be attached to environments.

Policies are versioned and immutable: updating `content` or `description` creates a new version rather than modifying the existing one.

<Warning>
  Deleting this resource removes it from Terraform state only. Kosli has no API endpoint to delete policies, so the policy will remain in Kosli after `terraform destroy`. To attach policies to environments, use the [`kosli_policy_attachment` resource](/terraform-reference/resources/policy_attachment).
</Warning>

## Example usage

```terraform theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
terraform {
  required_providers {
    kosli = {
      source = "kosli-dev/kosli"
    }
  }
}

# Minimal policy requiring provenance for all artifacts
resource "kosli_policy" "minimal" {
  name = "basic-requirements"
  content = <<-YAML
    _schema: https://docs.kosli.com/schemas/policy/v1
    artifacts:
      provenance:
        required: true
  YAML
}

# Production policy with full compliance requirements
resource "kosli_policy" "production" {
  name        = "prod-requirements"
  description = "Compliance requirements for production environments"
  content     = <<-YAML
    _schema: https://docs.kosli.com/schemas/policy/v1
    artifacts:
      provenance:
        required: true
      trail-compliance:
        required: true
      attestations:
        - name: unit-test
          type: junit
        - name: dependency-scan
          type: "*"
  YAML
}
```

## Import

Policies can be imported using their name:

```shell theme={"theme":"dracula","languages":{"custom":["/languages/rego.json"]}}
# Import a policy by name. The content attribute is populated from the API response.
terraform import kosli_policy.example prod-requirements
```

## Schema

### Required

* `content` (String) YAML content of the policy, conforming to the Kosli policy schema (`_schema: https://docs.kosli.com/schemas/policy/v1`). Supports heredoc syntax for multi-line YAML. Updating this value creates a new policy version.
* `name` (String) Name of the policy. Must be unique within the organization. Changing this will force recreation of the resource.

### Optional

* `description` (String) Description of the policy.

### Read-only

* `created_at` (Number) Unix timestamp of when the policy was first created.
* `latest_version` (Number) The version number of the latest policy version. Null if the policy has no versions.