Today, we're open sourcing prom-authzed-proxy! prom-authzed-proxy is a proxy for Prometheus that authorizes the request's Bearer Token with Authzed and enforces a label in a PromQL query. The proxy was built to have absolutely no assumptions about the schema of the Permission System or the metrics in Prometheus! It uses the contents of the Bearer Token as the Subject ID and a query parameter specified in the proxy's flag as the Object ID, and returns an HTTP 403 if the permissions check fails. This allows developers to securely query Prometheus while maintaining their application's permissions requirements. The open-sourcing of prom-authzed-proxy is part of our efforts to maintain a single observability stack for both internal and external usage, and to make SaaS products Cloud Native.