All integrations
Systemd
Deployment

Run Cerbos as a systemd service

Run the Cerbos PDP as a managed systemd service on any Linux host with automatic restarts and logging.

Process management

Process management

Automatic restarts, dependency ordering, and resource limits managed by systemd

Journal logging

Journal logging

Cerbos logs integrate with the systemd journal for centralized log management

No container required

No container required

Run Cerbos as a native binary without Docker or any container runtime

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Systemd gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to run Cerbos as a systemd service

  1. Download the Cerbos binary, Grab the latest static binary from the Cerbos releases page for your architecture.
  2. Create a Cerbos configuration file, Configure your policy source, server settings, and logging preferences in a YAML config file.
  3. Create a systemd unit file, Define a service unit that runs the Cerbos binary with your configuration, with restart and resource limit policies.
  4. Enable and start the service, Run systemctl enable --now cerbos to start Cerbos and ensure it starts on boot.

FAQ

How do I run Cerbos as a systemd service?

Download the Cerbos binary, create a systemd unit file that points to your Cerbos configuration, then enable and start the service with systemctl. Cerbos will run as a managed background process with automatic restarts.

Does Cerbos require any external dependencies?

No. Cerbos is a single static binary with no external dependencies. It requires no database, message queue, or container runtime.

How do I view Cerbos logs with systemd?

Use `journalctl -u cerbos` to view Cerbos logs through the standard systemd journal. Cerbos supports structured JSON logging for integration with log aggregation tools.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Systemd

  • Cerbos runs alongside your workloads in Systemd
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground