Run Cerbos with Docker
Run the Cerbos PDP as a Docker container for local development or production deployments.
Official image
Multi-architecture container image published to GitHub Container Registry for every release
Volume-mount policies
Mount a local policy directory into the container for rapid development and testing
Compose-ready
Add Cerbos to your Docker Compose stack alongside your application services
What is Cerbos?
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Docker gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
How to run Cerbos with Docker
- Pull the Cerbos image, Run
docker pull ghcr.io/cerbos/cerbos:latestto download the official container image. - Mount your policies, Use
-v /path/to/policies:/policiesto make your YAML policy files available inside the container. - Start the container, Run
docker run --rm -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latestto start the PDP with HTTP and gRPC endpoints. - Connect your application, Use a Cerbos SDK to send authorization checks to the running container.
FAQ
How do I run Cerbos with Docker?
Run `docker run --rm -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latest` to start the PDP. Mount a local policy directory with `-v` to load your authorization policies.
Does Cerbos require any external dependencies?
No. The Cerbos container image is self-contained with no external dependencies. Policies can be loaded from a mounted volume, a Git repository, or Cerbos Hub.
Can I use Docker Compose with Cerbos?
Yes. Add Cerbos as a service in your docker-compose.yml alongside your application. Mount your policy directory as a volume and expose the gRPC and HTTP ports.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Docker
- Cerbos runs alongside your workloads in Docker
- No external databases or message queues required
- Built-in metrics, distributed tracing, and structured logging
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.