All integrations
Docker
Deployment

Run Cerbos with Docker

Run the Cerbos PDP as a Docker container for local development or production deployments.

Official image

Official image

Multi-architecture container image published to GitHub Container Registry for every release

Volume-mount policies

Volume-mount policies

Mount a local policy directory into the container for rapid development and testing

Compose-ready

Compose-ready

Add Cerbos to your Docker Compose stack alongside your application services

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Docker gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to run Cerbos with Docker

  1. Pull the Cerbos image, Run docker pull ghcr.io/cerbos/cerbos:latest to download the official container image.
  2. Mount your policies, Use -v /path/to/policies:/policies to make your YAML policy files available inside the container.
  3. Start the container, Run docker run --rm -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latest to start the PDP with HTTP and gRPC endpoints.
  4. Connect your application, Use a Cerbos SDK to send authorization checks to the running container.

FAQ

How do I run Cerbos with Docker?

Run `docker run --rm -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latest` to start the PDP. Mount a local policy directory with `-v` to load your authorization policies.

Does Cerbos require any external dependencies?

No. The Cerbos container image is self-contained with no external dependencies. Policies can be loaded from a mounted volume, a Git repository, or Cerbos Hub.

Can I use Docker Compose with Cerbos?

Yes. Add Cerbos as a service in your docker-compose.yml alongside your application. Mount your policy directory as a volume and expose the gRPC and HTTP ports.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Docker

  • Cerbos runs alongside your workloads in Docker
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground