Running locally

This documentation is for an as-yet unreleased version of Cerbos. Choose 0.39.0 from the version picker at the top right or navigate to https://docs.cerbos.dev for the latest version.

As the developers of Cerbforce began their investigation of the system, the first step was getting a Cerbos instance up and running locally.

Container

If you have Docker, you can simply use the published images. The container already ships with a default configuration that has a disk driver configured to look for policies mounted at /policies. Create an empty policy folder at policies/, and then run the following:

docker run --rm --name cerbos -t \
  -v $(pwd)/policies:/policies \
  -p 3592:3592 \
  ghcr.io/cerbos/cerbos:latest server

Binary

Alternatively, if you don’t have Docker running, you can opt to use the release binary directly which you can download from here.

Config file

In order to run the binary, you’ll need to create a minimal server configuration file. The simplest configuration to get up and running (using a local folder for storage of policies) requires only the port and location to be set:

---
server:
  httpListenAddr: ":3592"
storage:
  driver: "disk"
  disk:
    directory: policies
You can find the full configuration schema in the Cerbos docs.

Save this configuration to a file named .cerbos.yaml. You’ll also need to create an empty policy folder policies/.

Now, extract the binary and run:

./cerbos server --config=.cerbos.yaml

Once started you can open http://localhost:3592 to see the API documentation.