Run from container

This documentation is for a previous version of Cerbos. Choose 0.37.0 from the version picker at the top right or navigate to for the latest version.
docker run --rm --name cerbos -p 3592:3592

Cerbos images can be verified using sigstore tools as follows:

cosign verify \
  --certificate-oidc-issuer="" \
  --certificate-identity="" \

By default, the container is configured to listen on ports 3592 (HTTP) and 3593 (gRPC) and watch for policy files on the volume mounted at /policies. You can override these by creating a new configuration file.

Create a directory to hold the config file and policies.
mkdir -p cerbos-quickstart/policies
Create a config file.
cat > cerbos-quickstart/.cerbos.yaml <<EOF
server:
  httpListenAddr: ":3592"

storage:
  driver: "disk"
  disk:
    directory: /quickstart/policies
    watchForChanges: true
EOF
Launch the container with the new config file.
docker run --rm --name cerbos -d -v $(pwd)/cerbos-quickstart:/quickstart -p 3592:3592 server --config=/quickstart/.cerbos.yaml
Cerbos container images are mirrored to Docker Hub and the latest version is available at as well.
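
The steps above can be combined so that the container starts only if the signature check passes. This is an added example, not part of the Cerbos documentation: the function names and the COSIGN_ISSUER and COSIGN_IDENTITY variables are assumptions, and it goes beyond the page by refusing image references that are not pinned by digest, since a tag can point at different content between verification and launch.

```shell
#!/bin/sh
# Added example: launch Cerbos only after the image signature verifies.
# COSIGN_ISSUER and COSIGN_IDENTITY are assumed variables; set them to the
# signer values the project publishes for the release you run.

# True when the reference is pinned by digest (repo@sha256:<64 hex>), so the
# image that is run is exactly the image that was verified.
is_digest_ref() {
  case "$1" in
    *@sha256:*) digest=${1##*@sha256:} ;;
    *) return 1 ;;
  esac
  [ "${#digest}" -eq 64 ] || return 1
  case "$digest" in *[!0-9a-f]*) return 1 ;; esac
}

# Write the quickstart configuration from this page into <dir>/.cerbos.yaml.
write_config() {
  mkdir -p "$1/policies" || return 1
  cat > "$1/.cerbos.yaml" <<EOF
server:
  httpListenAddr: ":3592"

storage:
  driver: "disk"
  disk:
    directory: /quickstart/policies
    watchForChanges: true
EOF
}

# Verify the signature, then start the container; any failure stops the launch.
verify_and_run() {
  image=$1 dir=$2
  [ -n "${COSIGN_ISSUER:-}" ] && [ -n "${COSIGN_IDENTITY:-}" ] ||
    { echo "signer identity not set" >&2; return 2; }
  is_digest_ref "$image" || { echo "refusing unpinned reference: $image" >&2; return 2; }
  cosign verify \
    --certificate-oidc-issuer="$COSIGN_ISSUER" \
    --certificate-identity="$COSIGN_IDENTITY" \
    "$image" >/dev/null || { echo "signature verification failed" >&2; return 1; }
  write_config "$dir" || return 1
  docker run --rm --name cerbos -d \
    -v "$(cd "$dir" && pwd):/quickstart" -p 3592:3592 \
    "$image" server --config=/quickstart/.cerbos.yaml
}
```

Call it as `verify_and_run <image>@sha256:<digest> cerbos-quickstart` after exporting the two signer variables.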