See Install from binary or Run from container for instructions on how to install the cerbos binary.

This binary provides two sub commands:


Start the PDP server


Validate, compile and run tests on a policy repo

Example: Running compile using the binary
./cerbos compile --help
Example: Running compile using the container
docker run -i -t ghcr.io/cerbos/cerbos:0.12.0 compile --help

server Command

Starts the Cerbos PDP.

  cerbos server [flags]


# Start the server
cerbos server --config=/path/to/config.yaml

# Start the server with the Admin API enabled and the 'sqlite' storage driver
cerbos server --config=/path/to/config.yaml --set=server.adminAPI.enabled=true --set=storage.driver=sqlite3 --set=storage.sqlite3.dsn=':memory:'

      --config string              Path to config file
      --debug-listen-addr string   Address to start the gops listener
  -h, --help                       help for server
      --log-level string           Log level (default "INFO")
      --set strings                Config overrides

compile Command

Runs the Cerbos compiler to validate policy definitions and run any test suites. See Policy compilation for more information.

  cerbos compile DIR [flags]

  -f, --format string    Output format (valid values: json,plain)
  -h, --help             help for compile
      --ignore-schemas   Ignore schemas during compilation
      --run string       Run only tests that match this regex
      --skip-tests       Skip tests
      --tests string     Path to the directory containing tests
      --verbose          Verbose output on test failure