Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/cerbos/cerbos/llms.txt

Use this file to discover all available pages before exploring further.

Cerbos provides pre-compiled binaries and native packages for multiple operating systems and architectures. All releases are available on the GitHub releases page.

Supported Platforms

Cerbos binaries are available for:
OSArchitectureBundle Format
Linuxx86-64cerbos_VERSION_Linux_x86_64.tar.gz
Linuxarm64cerbos_VERSION_Linux_arm64.tar.gz
macOSUniversalcerbos_VERSION_Darwin_all.tar.gz
macOSx86-64cerbos_VERSION_Darwin_x86_64.tar.gz
macOSarm64cerbos_VERSION_Darwin_arm64.tar.gz

Download and Install Binary

1

Download the binary

Download the appropriate bundle for your platform:
curl -L -o cerbos.tar.gz "https://github.com/cerbos/cerbos/releases/download/v0.52.0/cerbos_0.52.0_Linux_x86_64.tar.gz"
2

Extract the archive

Extract and make the binary executable:
tar xvf cerbos.tar.gz
chmod +x cerbos
3

Move to PATH (optional)

Move the binary to a directory in your PATH:
sudo mv cerbos /usr/local/bin/
4

Verify installation

Check the installed version:
cerbos version

Binary Verification

All Cerbos binaries are signed using Sigstore during the automated build process. Each release includes a .sigstore.json verification bundle.
1

Download binary and verification bundle

# Download the binary archive
curl -L -o cerbos_0.52.0_Linux_x86_64.tar.gz \
  "https://github.com/cerbos/cerbos/releases/download/v0.52.0/cerbos_0.52.0_Linux_x86_64.tar.gz"

# Download the verification bundle
curl -L -o cerbos_0.52.0_Linux_x86_64.tar.gz.sigstore.json \
  "https://github.com/cerbos/cerbos/releases/download/v0.52.0/cerbos_0.52.0_Linux_x86_64.tar.gz.sigstore.json"
2

Verify the signature

cosign verify-blob \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity="https://github.com/cerbos/cerbos/.github/workflows/release.yaml@refs/tags/v0.52.0" \
  --bundle="cerbos_0.52.0_Linux_x86_64.tar.gz.sigstore.json" \
  "cerbos_0.52.0_Linux_x86_64.tar.gz"

Linux Packages

Cerbos provides native DEB and RPM packages for Linux distributions.
Packages require systemd as the init system. For other init systems, install from the tarball instead.

Package Installation

# Download the package
curl -L -O "https://github.com/cerbos/cerbos/releases/download/v0.52.0/cerbos_0.52.0_Linux_x86_64.deb"

# Install
sudo dpkg -i cerbos_0.52.0_Linux_x86_64.deb

What Gets Installed

The packages install:
  • Binaries: cerbos and cerbosctl in /usr/local/bin
  • Configuration: Default config at /etc/cerbos.yaml
  • Policy Directory: /var/cerbos/policies
  • Systemd Service: cerbos.service with automatic startup

Default Configuration

The default configuration (/etc/cerbos.yaml): 
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"

engine:
  defaultPolicyVersion: "default"

storage:
  driver: "disk"
  disk:
    directory: /var/cerbos/policies
    watchForChanges: true

Managing the Service

sudo systemctl status cerbos

Systemd Service Details

The service file (/etc/systemd/system/cerbos.service): 
[Unit]
Description=Cerbos Policy Decision Point

[Service]
ExecStart=/usr/local/bin/cerbos server --config=/etc/cerbos.yaml
ProtectSystem=full
ProtectHome=true
PrivateUsers=true
PrivateTmp=true
DynamicUser=yes

[Install]
WantedBy=multi-user.target

Homebrew (macOS)

Install Cerbos using Homebrew:
1

Add the Cerbos tap

brew tap cerbos/tap
2

Install Cerbos

brew install cerbos
3

Verify installation

cerbos version

Update via Homebrew

brew upgrade cerbos

npm Package

Install Cerbos binaries via npm for JavaScript/TypeScript projects. This allows version locking and eliminates separate setup steps. 
npm install --save-dev cerbos cerbosctl
Do not use the --no-optional flag with npm, as the packages rely on platform-specific optional dependencies.

Using npm Packages

Packages are available separately: Run the binaries via npx: 
npx cerbos server --config=.cerbos.yaml
npx cerbosctl version

Nix Flake

A Nix flake is available at github:cerbos/cerbos-flake. 
nix run github:cerbos/cerbos-flake#cerbos -- server --set=storage.disk.directory=/path/to/policies

Running Cerbos

After installation, start the Cerbos server: 
cerbos server --config=/path/to/config.yaml
For quick testing with default settings: 
cerbos server --set=storage.disk.directory=/path/to/policies

Next Steps