Install from binary
This documentation is for a previous version of Cerbos. Choose 0.40.0 from the version picker at the top right or navigate to https://docs.cerbos.dev for the latest version. |
Cerbos binaries are available for multiple operating systems and architectures. See the releases page for all available downloads.
OS | Arch | Bundle |
---|---|---|
Linux |
x86-64 |
|
Linux |
arm64 |
|
MacOS |
universal |
|
MacOS |
x86-64 |
|
MacOS |
arm64 |
|
You can download the binaries by running the following command. Substitute <BUNDLE>
with the appropriate value from the above table.
curl -L -o cerbos.tar.gz "https://github.com/cerbos/cerbos/releases/download/v0.39.0/<BUNDLE>"
tar xvf cerbos.tar.gz
chmod +x cerbos
Cerbos binaries are signed using sigstore tools during the automated build process and the verification bundle is published along with the binary as The following example demonstrates how to verify the Linux X86_64 bundle archive.
|
Linux packages
Cerbos DEB and RPM packages can be installed on any Linux distribution that supports one of those package formats. You can download the appropriate package for your system from the releases page.
Cerbos packages are currently only designed to work with systems where systemd is the init system. If you use a different init system, consider installing cerbos from the tarballs instead.
|
The packages install the cerbos
and cerbosctl
binaries to /usr/local/bin
and create a systemd service to automatically start the Cerbos server. The default configuration is setup to look for policies in /var/cerbos/policies
but you can change this by editing /etc/cerbos/yaml
and reloading the service with sudo systemctl restart cerbos
.
# Show status of the service
sudo systemctl status cerbos
# Restart the service
sudo systemctl restart cerbos
# View logs
sudo journalctl -xeu cerbos.service
Homebrew
You can install Cerbos binaries using Homebrew as well.
brew tap cerbos/tap
brew install cerbos
npm
You can install Cerbos binaries from the npm registry. This removes a separate setup step for JavaScript projects and allows you to lock Cerbos to a specific version to ensure a consistent development environment.
npm install --save-dev cerbos cerbosctl
Note that the npm packages rely on platform-specific optional dependencies, so make sure you don’t omit these when installing dependencies (for example, don’t pass the --no-optional
flag to npm
).
Nix flake
A Nix flake is available at https://github.com/cerbos/cerbos-flake.
# Launch a Cerbos server
nix run github:cerbos/cerbos-flake#cerbos -- server --set=storage.disk.directory=/path/to/policy_directory
# Launch a REPL
nix run github:cerbos/cerbos-flake#cerbos -- repl
# Launch cerbosctl
nix run github:cerbos/cerbos-flake#cerbosctl
# Start a Nix shell session with cerbos and cerbosctl installed
nix shell github:cerbos/cerbos-flake