Deploy Cerbos with HashiCorp Nomad

Run the Cerbos PDP as a Nomad job using the Docker driver with Consul integration for service discovery.

Docker driver

Run the Cerbos container image as a Nomad task using the Docker driver with resource limits and placement constraints

System job support

Deploy Cerbos as a Nomad system job to run one instance on every client node for low-latency authorization

Consul integration

Register Cerbos with Consul for service discovery and health monitoring across the Nomad cluster

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via HashiCorp Nomad gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

How to deploy Cerbos with HashiCorp Nomad

  1. Write a job specification. Define a Nomad job that runs the official Cerbos container image using the Docker driver with appropriate resource limits.
  2. Configure service registration. Add a service stanza to register Cerbos with Consul for discovery by your application services.
  3. Configure policy loading. Use environment variables or template stanzas to point Cerbos at a Git repository or Cerbos Hub for policies.
  4. Submit the job. Run nomad job run cerbos.nomad to deploy the PDP across your Nomad cluster.
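
The four steps above as a single cerbos.nomad file. This is an added example, not Cerbos' published job specification; the datacenter name, image tag, Git URL and resource figures are placeholders or assumed starting values.

```hcl
job "cerbos" {
  datacenters = ["dc1"]   # assumed datacenter name
  type        = "system"  # one PDP per client node; use "service" with a count to scale instead
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }
  group "pdp" {
    network {
      port "http" { to = 3592 }  # Cerbos default HTTP listener
      port "grpc" { to = 3593 }  # Cerbos default gRPC listener
    }
    service {
      name = "cerbos"            # registered in Consul under this name
      port = "http"
      check {
        type     = "http"
        path     = "/_cerbos/health"
        interval = "10s"
        timeout  = "2s"
      }
    }
    task "cerbos" {
      driver = "docker"
      config {
        image = "ghcr.io/cerbos/cerbos:PINNED_VERSION"  # placeholder: pin a release tag or digest
        ports = ["http", "grpc"]
        args  = ["server", "--config=/local/cerbos.yaml"]
      }
      template {
        destination = "local/cerbos.yaml"  # visible in the container as /local/cerbos.yaml
        data        = <<-EOF
          storage:
            driver: git
            git:
              protocol: https
              url: https://git.example.internal/authz/policies.git  # placeholder repository
              branch: main
              checkoutDir: /local/policies
              updatePollInterval: 60s
        EOF
      }
      resources {
        cpu    = 200  # MHz, assumed starting value
        memory = 256  # MB, assumed starting value
      }
    }
  }
}
```

Running nomad job validate cerbos.nomad and nomad job plan cerbos.nomad before submitting catches syntax and placement problems without changing the cluster.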

FAQ

How do I deploy Cerbos with Nomad?

Write a Nomad job specification that runs the official Cerbos container image using the Docker driver. Configure service registration with Consul and define health checks on the HTTP port.

Does Cerbos require any external dependencies?

No. Cerbos requires no database or message queue. Policies load from the filesystem, a Git repository, or Cerbos Hub.

Can I run Cerbos as a system job in Nomad?

Yes. Running Cerbos as a system job places one instance on every client node, providing low-latency authorization decisions from any node in the cluster.

Cerbos + HashiCorp Nomad

  • Cerbos runs alongside your workloads in HashiCorp Nomad
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally

What is Cerbos?

Cerbos is end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege and maintain full visibility into access decisions with Cerbos authorization.