Run the Cerbos PDP as a Nomad job using the Docker driver with Consul integration for service discovery.
Run the Cerbos container image as a Nomad task using the Docker driver with resource limits and placement constraints
Deploy Cerbos as a Nomad system job to run one instance on every client node for low-latency authorization
Register Cerbos with Consul for service discovery and health monitoring across the Nomad cluster
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via HashiCorp Nomad gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
nomad job run cerbos.nomad to deploy the PDP across your Nomad cluster.Write a Nomad job specification that runs the official Cerbos container image using the Docker driver. Configure service registration with Consul and define health checks on the HTTP port.
No. Cerbos requires no database or message queue. Policies load from the filesystem, a Git repository, or Cerbos Hub.
Yes. Running Cerbos as a system job places one instance on every client node, providing low-latency authorization decisions from any node in the cluster.



What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.