Reliability

Cerbos Hub is designed for high availability. All PDPs continue to operate independently even when Cerbos Hub experiences disruptions.

Push-based updates

When a PDP connects to Cerbos Hub, it establishes a two-way communication channel used to receive the initial policy bundle and subsequent update notifications. Because there is no polling, all PDPs converge on the same policy version within seconds of a change.

Disconnection handling

If Cerbos Hub becomes temporarily unavailable:

Running PDPs: continue serving requests using the last downloaded bundle while attempting to reconnect in the background. Authorization decisions are unaffected.

New PDPs: can start with the last successfully built bundle, served from a separate high-availability fallback service.

Local bundle caching

For additional resilience, configure a cache directory to persist bundles to disk:

storage:
  driver: hub
  hub:
    remote:
      deploymentID: "..."
      cacheDir: /var/cerbos/hub # Directory to cache downloaded bundles

Mount a persistent volume at this path when running in containers or Kubernetes. Cached bundles allow PDPs to restart without network access to Cerbos Hub.

Offline mode

In disaster recovery scenarios, start the PDP with only the cached bundle:

docker run --rm --name cerbos \
  -p 3592:3592 -p 3593:3593 \
  -e CERBOS_HUB_OFFLINE=true \
  -v /var/cerbos/hub:/var/cerbos/hub \
  ghcr.io/cerbos/cerbos:latest server --config=/conf/.cerbos.yaml

The PDP loads the cached bundle and serves requests without connecting to Cerbos Hub.

Fallback to git

As a last resort, switch the PDP to read policies directly from your Git repository:

storage:
  driver: git
  git:
    protocol: https
    url: https://github.com/your-org/policies.git
    branch: main
    checkoutDir: /tmp/cerbos/policies
    updatePollInterval: 60s

This bypasses Cerbos Hub entirely, though you lose pre-compilation, testing, and centralized management.

Monitoring connectivity

Monitor PDP connectivity using the cerbos_dev_hub_connected Prometheus metric:

1: PDP is connected to Cerbos Hub
0: PDP is disconnected (using cached bundle)

Additional metrics for bundle operations:

cerbos_dev_store_bundle_updates_count: number of bundle updates received from Cerbos Hub
cerbos_dev_store_bundle_op_latency: time to perform bundle operations
cerbos_dev_store_bundle_fetch_errors_count: count of errors during bundle downloads

See Observability for the full list of available metrics.
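The following is an added example, not code from the Cerbos project or this page, showing how a monitoring job can turn the metrics above into a connectivity verdict. It parses two successive scrapes of the PDP's Prometheus text exposition, reads cerbos_dev_hub_connected, and computes the number of new bundle fetch errors between scrapes while tolerating a counter reset after a PDP restart. The sample scrape text is constructed for the example; the metric names are the ones listed on this page, but the HELP text, the label sets and the _bucket suffix used for the latency histogram are assumptions.

```python
"""Evaluate a Cerbos PDP's connectivity to Cerbos Hub from Prometheus scrapes."""
import re
from dataclasses import dataclass

# One sample line of the Prometheus text exposition format:
#   metric_name{label="value",...} value [timestamp]
SAMPLE_RE = re.compile(
    r'^(?P<name>[a-zA-Z_:][a-zA-Z0-9_:]*)'
    r'(?:\{(?P<labels>[^}]*)\})?\s+'
    r'(?P<value>\S+)(?:\s+\d+)?$'
)
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

HUB_CONNECTED = "cerbos_dev_hub_connected"
FETCH_ERRORS = "cerbos_dev_store_bundle_fetch_errors_count"

# Constructed sample scrapes (not real PDP output). T0: healthy, connected.
# T1: the same PDP after losing its connection to Cerbos Hub.
SCRAPE_T0 = """\
# HELP cerbos_dev_hub_connected Whether the PDP is connected to Cerbos Hub (assumed HELP text)
# TYPE cerbos_dev_hub_connected gauge
cerbos_dev_hub_connected 1
# TYPE cerbos_dev_store_bundle_updates_count counter
cerbos_dev_store_bundle_updates_count 4
cerbos_dev_store_bundle_fetch_errors_count 0
cerbos_dev_store_bundle_op_latency_bucket{op="download",le="0.5"} 3
cerbos_dev_store_bundle_op_latency_bucket{op="download",le="+Inf"} 4
"""
SCRAPE_T1 = """\
cerbos_dev_hub_connected 0
cerbos_dev_store_bundle_updates_count 4
cerbos_dev_store_bundle_fetch_errors_count 3
cerbos_dev_store_bundle_op_latency_bucket{op="download",le="0.5"} 3
cerbos_dev_store_bundle_op_latency_bucket{op="download",le="+Inf"} 4
"""


def parse_samples(text):
    """Return [(name, labels_dict, float_value), ...] for every sample line.
    Comment lines (# HELP / # TYPE), blank lines and unparseable lines are skipped."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_RE.match(line)
        if not m:
            continue
        labels = dict(LABEL_RE.findall(m.group("labels") or ""))
        samples.append((m.group("name"), labels, float(m.group("value"))))
    return samples


def metric_value(samples, name, default=None):
    """First sample value for the given metric name (labels ignored), or default."""
    for sample_name, _labels, value in samples:
        if sample_name == name:
            return value
    return default


@dataclass
class HubStatus:
    connected: bool
    new_fetch_errors: float
    alert: bool
    reason: str


def evaluate(previous_scrape, current_scrape, max_new_errors=0):
    """Compare two scrapes and decide whether the PDP needs attention.
    A PDP that is disconnected keeps authorizing from its cached bundle, so the
    alert is about drift from the latest policy version, not about outage."""
    prev = parse_samples(previous_scrape)
    cur = parse_samples(current_scrape)

    connected_raw = metric_value(cur, HUB_CONNECTED)
    if connected_raw is None:
        # The gauge is absent when the scrape failed or the PDP does not use the hub driver.
        return HubStatus(False, 0.0, True, f"{HUB_CONNECTED} missing from scrape")
    connected = connected_raw == 1.0

    prev_errors = metric_value(prev, FETCH_ERRORS, 0.0)
    cur_errors = metric_value(cur, FETCH_ERRORS, 0.0)
    # A counter that went down means the PDP restarted; count from zero again.
    new_errors = cur_errors - prev_errors if cur_errors >= prev_errors else cur_errors

    if not connected:
        reason = f"PDP disconnected from Cerbos Hub, serving cached bundle ({new_errors:g} new fetch errors)"
        return HubStatus(False, new_errors, True, reason)
    if new_errors > max_new_errors:
        return HubStatus(True, new_errors, True, f"{new_errors:g} new bundle fetch errors while connected")
    return HubStatus(True, new_errors, False, "connected, no new fetch errors")


if __name__ == "__main__":
    print(evaluate(SCRAPE_T0, SCRAPE_T1))
```

Feed it the text from two consecutive scrapes of the PDP metrics endpoint; the same comparison expressed as a Prometheus alerting rule would fire on cerbos_dev_hub_connected == 0 and on an increase of cerbos_dev_store_bundle_fetch_errors_count over the evaluation window.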