For secure enterprise environments
Self-hosted on-premise Cerbos Hub
Run Cerbos Hub inside your environment. Keep policies and audit data under your control while managing authorization centrally across apps, AI agents, services, and workloads.
Enterprise-scale access governance for
Designed to meet your security requirements
Data stays in your environment
Policies and audit logs remain under your control to support residency and sovereignty requirements.
Air-gapped environments
Run Cerbos Hub in fully isolated or air-gapped networks while still managing policies centrally.
Compliance and residency demands met
Demonstrate residency, pass localization audits, and provide clear evidence during compliance checks.
Government and defense requirements
Operate without cloud-hosted authorization to satisfy isolation and zero-dependency requirements.
All self-hosted deployment models supported
On-prem in your data center
On-prem, bring your own cloud
Air-gapped
Hybrid option
Built for top-security environments
On-premise complete authorization
On-premise Cerbos Hub delivers the same powerful capabilities as the hosted version. Define, test, and iterate policies, deploy and manage them from any source, authorize across apps and services, and log & audit every decision. All inside your own environment.
Agentic systems
MCP server security
RAG authorization
Application permissions
Multi-tenant SaaS permissions
NHI authorization
Compliance ready with every authorization decision
FedRAMP
SOC 2
HIPAA
ISO 27001
PCI DSS
GDPR
Capture every decision for all identities
Log requests, actions, resources, access outcomes, and service-to-service authorization calls for both humans and machines.
Trace policy lineage
See the exact policy, version, and release behind each decision for complete traceability.
Monitor with context
Review detailed logs, policy versions, and real-time metrics across all PDPs and environments.
Simplify audits and compliance
Maintain centralized, structured logs on-premise to support audits and demonstrate readiness for FedRAMP, SOC 2&3, ISO 27001, HIPAA, PCI DSS, and GDPR.
Seamless integration
Works with your existing tools, workflows, and infra
Flexible policy sources
Add policies from any Git provider, any CI/CD tool, Cerbos Hub API, cerbosctl CLI, direct UI upload —no lock-in.
SDKs for every stack
Use updated SDKs for JS, Go, Python, Java, .NET, Rust, PHP, Ruby for programmatic policy management.
Hub deployment targets
Run in your own Kubernetes-cluster, on-premise or in your cloud envoirement.
PDP deployment targets
Deploy to Cerbos PDPs in containers, serverless, edge, or multi-region clusters.
Rob Crowe, Principal Engineer
@Utility Warehouse
“We rely on Cerbos to make authorization decisions across the whole mesh - millions of times a day. And it’s fast. We don’t even think about it anymore. It just works.”
How teams use Cerbos
Saved $264k per year with scalable authorization
$264k saved per year vs. in-house build.
Policies are updated in minutes when requirements change.
Audit-ready compliance for ISO27001, SOC2, GDPR, PSD2, CCPA.
Clean permissions logic with zero single points of failure
$1M+ saved in development time.
Deployed enterprise-ready authorization only in 3 weeks.
Non-engineers now can manage policies.
Secured 4,500 services and millions of NHIs
Secured millions of NHIs with sub-millisecond authorization.
Cut maintenance time from days to minutes.
Reduced authorization-related bugs and tech debt.
Authorization that scalesBring authorization under your control
Deploy Cerbos Hub on-premise to meet residency, compliance, and isolation requirements without sacrificing scale or usability.