All integrations
Render
Deployment

Deploy Cerbos on Render

Run the Cerbos PDP on Render as a web service using the official container image with managed TLS and scaling.

Web service deployment

Web service deployment

Deploy the Cerbos container image as a Render web service with automatic TLS termination and health monitoring

Private services

Private services

Run Cerbos as a private service accessible only from other services within your Render account

Auto-deploy

Auto-deploy

Render detects image updates and redeploys the Cerbos service automatically when new versions are published

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Render gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

How to deploy Cerbos on Render

  1. Create a web service, Add a new web service on Render using the ghcr.io/cerbos/cerbos:latest container image.
  2. Configure policy loading, Set environment variables to point Cerbos at a Git repository or Cerbos Hub for policies.
  3. Set the health check, Configure Render's health check to use the Cerbos health endpoint to monitor service availability.
  4. Connect your application, Use a Cerbos SDK to send authorization checks to the Render service URL.

FAQ

How do I deploy Cerbos on Render?

Create a new web service on Render using the official Cerbos container image. Configure environment variables for policy loading and set the health check path.

Does Cerbos require any external dependencies?

No. Cerbos requires no database or message queue. Policies load from a Git repository or Cerbos Hub, both compatible with Render deployments.

Can I keep Cerbos private on Render?

Yes. Deploy Cerbos as a private service on Render so it is only reachable from other services within the same Render account over the internal network.

Cerbos + Render

  • Cerbos runs alongside your workloads in Render
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.