Deploy Cerbos on Railway
Run the Cerbos PDP on Railway by deploying the official container image with automatic builds and networking.
Container deployment
Deploy the official Cerbos container image directly from GitHub Container Registry to Railway
Private networking
Keep the Cerbos PDP on Railway's internal network so only your application services can reach it
Managed lifecycle
Railway handles restarts, health checks, and resource allocation for the Cerbos service
What is Cerbos?
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Railway gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
How to deploy Cerbos on Railway
- Create a service, Add a new service in your Railway project using the
ghcr.io/cerbos/cerbos:latestcontainer image. - Configure policy loading, Set environment variables to point Cerbos at a Git repository or Cerbos Hub for policies.
- Expose the port, Configure Railway to expose the Cerbos HTTP port (3592) for internal or external access.
- Connect your application, Use a Cerbos SDK to send authorization checks to the Railway service endpoint.
FAQ
How do I deploy Cerbos on Railway?
Create a new Railway service using the official Cerbos container image from GitHub Container Registry. Configure environment variables for policy loading and expose the HTTP port.
Does Cerbos require any external dependencies?
No. Cerbos requires no database or message queue. Policies load from a Git repository or Cerbos Hub, both compatible with Railway deployments.
Can I use Railway's private networking with Cerbos?
Yes. Railway's private networking allows your application services to reach Cerbos over an internal network without exposing the PDP to the public internet.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Railway
- Cerbos runs alongside your workloads in Railway
- No external databases or message queues required
- Built-in metrics, distributed tracing, and structured logging
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.