Bulk upload compliance controls into Drata
The ability to do a bulk upload of controls in Drata can help save you minutes or hours, especially if you are looking to migrate an existing set of controls you already have documented in a spreadsheet.
The steps to do a bulk import of your controls from a CSV are detailed below; however, if you prefer to watch a video of this, you can see the same steps here:
Let's get started
Postman
Drata has a Postman collection available to download, which we will utilise. You can follow the instructions for this from Drata's API documentation page
To begin, we download the swagger.json from Drata
Importantly, we need to click "View Import Settings"
And we need to set the Folder organization from Paths to Tags
Now we need to create an environment. In the left navigation, select Environments and then click Create Environment
Set the Environment Name and then add two variables:
baseUrl
bearerToken
Add the Base URL (which can be found on Drata's docs here) and your API token (instructions from Drata on how to create an API token)
Don't forget to Save
Create a custom request
In Postman, navigate to Collections > expand DRATA API Documentation > expand Controls
Now hover over "Add a new control to the account", click the ellipsis and select Duplicate
On our duplicated request, we can rename it to something helpful, such as Control CSV Upload
Now we want to de-select the variables we don't want to upload from the Body section. If we look at the API documents for this Control endpoint, we can see that we require the name, description and code; the rest are optional.
We also need to set the WorkspaceId in the URL. In my example, my WorkspaceId is set to 1 (in the URL) and I have deselected all fields apart from the required ones (name, description and code), and also optionally enabled question.
Finally we need to set the Values for these Keys to be a variable, that we will reference in our CSV file. The format of the variable should be within a double curly brace, such as:
{{name}}
In the screenshot below, we can see the orange dot at the end of the tab, which indicates this request has changed and hasn't been saved. Let's click the Save button on the right-hand side.
Above you can see I have set the variables within the key:value pairs we shall be sending. Now we need to set the data for those variables.
Create our Control CSV file
We need to create our CSV file of the controls we want to upload
Above is a screenshot of a CSV file made in Google Sheets, with the fields we will upload. Note that Row 1 contains the header variables that we reference in our Postman request set previously.
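Before running the collection, it can help to check the CSV against the request body, so a mistyped header or an empty required cell is caught before any control is created. The script below is an added example, not part of the original post or Drata's tooling; the sample rows are constructed, and the duplicate-code check is an assumption, since the post does not say codes must be unique.

```python
import csv
import io
import re

# Fields the post says the control endpoint requires; "question" is optional.
REQUIRED = ("name", "description", "code")

def template_variables(body_values):
    """Collect the {{variable}} names used as Values in the Postman request body."""
    found = set()
    for value in body_values:
        found.update(re.findall(r"\{\{\s*([^{}]+?)\s*\}\}", value))
    return found

def validate_controls_csv(text, body_values):
    """Return a list of problems; an empty list means the file is ready to run."""
    problems = []
    reader = csv.DictReader(io.StringIO(text))
    headers = reader.fieldnames or []
    wanted = template_variables(body_values)
    for h in headers:
        # A BOM or stray space makes the header differ from the variable name.
        if h != h.strip().lstrip("\ufeff"):
            problems.append(f"header {h!r} has a BOM or surrounding whitespace")
    for missing in sorted(wanted - set(headers)):
        problems.append(f"no CSV column for variable {{{{{missing}}}}}")
    seen_codes = {}  # assumption: each control code should appear only once
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for field in REQUIRED:
            if not (row.get(field) or "").strip():
                problems.append(f"row {row_no}: required field '{field}' is empty")
        code = (row.get("code") or "").strip()
        if code and code in seen_codes:
            problems.append(f"row {row_no}: code '{code}' repeats row {seen_codes[code]}")
        seen_codes.setdefault(code, row_no)
    return problems

# Constructed sample data, not taken from the post's screenshots.
BODY_VALUES = ["{{name}}", "{{description}}", "{{code}}", "{{question}}"]
SAMPLE_CSV = (
    "name,description,code,question\n"
    "CSV Access Review,Quarterly review of user access,CSV-001,Is access reviewed?\n"
    "CSV Backup Test,,CSV-002,Are restores tested?\n"
    "CSV Log Retention,Logs kept for 12 months,CSV-001,\n"
)

if __name__ == "__main__":
    for problem in validate_controls_csv(SAMPLE_CSV, BODY_VALUES):
        print(problem)
```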
Drata
In our Controls Page we are going to check that we don't have any controls named "CSV" before we do the upload
Running Postman Collection
Back in Postman, click the ellipsis next to DRATA API Documentation and select Run collection
This will bring up a Runner tab in Postman with all the requests selected:
We want to click Deselect All and then select our newly created request Control CSV Upload
Under the Functional tab on the right, we want to keep all the defaults, apart from Select File, where we grab our previously created CSV file. Optionally, we can also check Persist responses for a session (to help with debugging if something goes wrong).
Finally, it's important to make sure we set the Environment that we set up and configured earlier. In the previous screenshots, on the right side near the top, you may see it says "No environment"; we want to click that drop-down and select the environment we saved earlier.
Now we can click Run DRATA API Documentation
If everything was successful, we should see all the Tests (rows in our CSV) run in Postman and each one should show a 201 Created message
Verify our new Controls
Back in Drata, if we refresh our Controls page and search (again for "csv") we can now see our uploaded controls
Congratulations, we have now bulk uploaded our new controls from a CSV file into Drata