This guide will help you set up a CI/CD pipeline in CircleCI to automatically upload your Cerbos policies to a Cerbos Hub store whenever you push changes to the main
branch of your Git repository.
CERBOS_HUB_CLIENT_ID and CERBOS_HUB_CLIENT_SECRET values generated in the Client credentials section of the Cerbos Hub store. Make sure to select the Read & Write option when creating the credentials to allow uploading policies.
.circleci.
.circleci, create a file named config.yml.
[STORE_ID] with the ID of your Cerbos Hub store. You can find this in the Cerbos Hub UI under the store settings.

```yaml
# .circleci/config.yml
version: 2.1

jobs:
  upload-policies:
    docker:
      - image: cimg/base:2024.01
    steps:
      - checkout
      - setup_remote_docker:
          version: 20.10.24
      - run:
          name: Upload Policies
          # Credentials are read from the project environment variables,
          # so no secret value is written into this file.
          command: |
            docker run --rm \
              -e CERBOS_HUB_STORE_ID="[STORE_ID]" \
              -e CERBOS_HUB_CLIENT_ID="$CERBOS_HUB_CLIENT_ID" \
              -e CERBOS_HUB_CLIENT_SECRET="$CERBOS_HUB_CLIENT_SECRET" \
              -v "$(pwd)":/app \
              ghcr.io/cerbos/cerbosctl:latest \
              hub store replace-files /app --message="Policy upload from CircleCI"

workflows:
  build-and-upload:
    jobs:
      - upload-policies:
          # Run the upload only for pushes to the main branch.
          filters:
            branches:
              only: main
```
CERBOS_HUB_CLIENT_ID as the Name and paste your client ID as the Value. Click Add Environment Variable.
CERBOS_HUB_CLIENT_SECRET.
.circleci/config.yml file.
main branch.
upload-policies job.
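A pre-merge check for the `.circleci/config.yml` in this guide, as an added example that is not part of the Cerbos documentation: a line-based shell lint that flags a literal client ID or secret in the `docker run` step, an unreplaced `[STORE_ID]`, a missing `only: main` filter, and the floating `:latest` image tag. The function name, the finding names and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Cerbos code. Line-based heuristic lint for a CircleCI
# config that runs the cerbosctl upload from this guide.
# Prints space-separated finding names; returns 1 if any were found.
lint_cerbos_upload_config() {
  cfg=$1
  found=""

  # Credentials must reference the project environment variables,
  # never appear as literal values committed to the repository.
  if grep -E -e '-e +CERBOS_HUB_CLIENT_(ID|SECRET)=' "$cfg" |
     grep -Ev -e '="?[$][{]?CERBOS_HUB_CLIENT_(ID|SECRET)[}]?"?( |\\|$)' >/dev/null
  then found="$found hardcoded-credential"; fi

  # The [STORE_ID] placeholder from the guide must have been replaced.
  if grep -F -e 'CERBOS_HUB_STORE_ID="[STORE_ID]"' "$cfg" >/dev/null
  then found="$found store-id-placeholder"; fi

  # Read & Write credentials should only be used by jobs filtered to main.
  if ! grep -E -e '^ *only: *main *$' "$cfg" >/dev/null
  then found="$found no-main-branch-filter"; fi

  # A floating tag means the code that receives the secret can change
  # between runs without a change in the repository.
  if grep -F -e 'ghcr.io/cerbos/cerbosctl:latest' "$cfg" >/dev/null
  then found="$found floating-image-tag"; fi

  found=${found# }
  printf '%s\n' "$found"
  [ -z "$found" ]
}

# Constructed sample: the guide's docker run step with a secret pasted in
# (placeholder value) and no branch filter.
sample=$(mktemp)
cat > "$sample" <<'EOF'
          command: |
            docker run --rm \
              -e CERBOS_HUB_STORE_ID="[STORE_ID]" \
              -e CERBOS_HUB_CLIENT_ID=$CERBOS_HUB_CLIENT_ID \
              -e CERBOS_HUB_CLIENT_SECRET=EXAMPLE-NOT-A-REAL-SECRET \
              ghcr.io/cerbos/cerbosctl:latest \
              hub store replace-files /app
EOF
lint_cerbos_upload_config "$sample" || echo "config needs fixing before merge"
rm -f "$sample"
```

The branch-filter check only recognises the single-line `only: main` form used in this guide, so a list-style filter would be reported as missing.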