As the developers of Cerbforce began their investigation of the system, the first step was getting a Cerbos instance up and running locally.
If you have Docker, you can simply use the published images. The container already ships with a default configuration that has a
disk driver configured to look for policies mounted at
/policies. Create an empty policy folder at
policies/, and then run the following:
docker run --rm --name cerbos -t \ -v $(pwd)/policies:/policies \ -p 3592:3592 \ ghcr.io/cerbos/cerbos:latest server
Alternatively, if you don’t have Docker running, you can opt to use the release binary directly which you can download from here.
In order to run the binary, you’ll need to create a minimal server configuration file. The simplest configuration to get up and running (using a local folder for storage of policies) requires only the port and location to be set:
--- server: httpListenAddr: ":3592" storage: driver: "disk" disk: directory: policies
|You can find the full configuration schema in the Cerbos docs.|
Save this configuration to a file named
.cerbos.yaml. You’ll also need to create an empty policy folder
Now, extract the binary and run:
./cerbos server --config=.cerbos.yaml
Once started you can open
http://localhost:3592 to see the API documentation.