Authorization for Rust applications
Add Cerbos authorization to your Rust application with the async, type-safe SDK. Built on tonic for gRPC communication with serde-compatible types.
Async and type-safe
Fully async SDK built on tonic and tokio, with all authorization requests and responses represented as strongly typed Rust structs
Serde integration
Request and response types derive Serialize and Deserialize, making it straightforward to work with Cerbos data alongside your application models
Rust error handling
Returns Result types for all operations, integrating with the ? operator and standard Rust error handling patterns
What is Cerbos?
Cerbos is an enterprise authorization solution built to secure access across complex, distributed environments, SaaS products, and regulated systems.
It externalizes authorization logic from application code, making access control consistent and centrally managed across all your services. Instead of scattering permission checks throughout your codebase, you make a single API call to the Cerbos PDP.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They live outside your application and can be updated, tested, and deployed independently.
The Rust SDK makes integrating Cerbos straightforward, checking authorization is as simple as calling a function, and the stateless PDP scales horizontally with your infrastructure.
How to authorize with the Rust SDK
- Install the Rust SDK. Add the crate to your project with
cargo add cerbos. - Initialize the Cerbos client. Create an async client pointing at your Cerbos PDP instance running as a sidecar, remote service, or connected via Cerbos Hub.
- Call check_resources(). Pass the principal, resource, and actions. The method returns a Future that resolves to a Result with the authorization decision.
- Cerbos returns allow or deny. The PDP evaluates your YAML policies and returns a decision your application can enforce immediately.
FAQ
How do I use the Cerbos Rust SDK?
Add `cerbos` to your Cargo.toml with `cargo add cerbos`, create an async client pointing at your Cerbos PDP, and call check_resources() with the principal, resource, and actions. The SDK is fully async and returns typed Result values.
Does the Rust SDK support async runtimes?
Yes. The SDK is built on tonic and tokio, so it integrates natively with the Rust async ecosystem. All authorization checks are non-blocking async operations.
Is the Rust SDK open source?
Yes. All Cerbos SDKs are open source and available on GitHub. They are actively maintained and kept up to date with the latest Cerbos PDP features.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Rust
- Authorization check via a single function call in Rust
- Policies evolve independently of application code
- Full audit trail for every authorization decision
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.