Getting Started


Docs & Resources

Easy setup of policy testing and distribution with Cerbos CloudSign up to our beta


Cerbos helps users separate their authorization process from their core application code, making their authorization system more scalable, more secure and easier to change as the application evolves.

  • Implement access policies for your software
  • Fine-grained access control that grows with your business
  • An order of magnitude faster than Open Policy Agent based alternatives

What is Cerbos?

It's an access control decision engine for your software that is:

  • Driven by simple API which makes every decision feel like a database call
  • Policy-driven and attribute based for maximum flexibility and scale
  • Decoupled, stateless and runs inside your stack

Why Cerbos?

  • World class, open-source, off-the-shelf authorization layer, up and running in minutes, that can prevent over-provisioning of application and data privileges
  • Collaborate easily with product management and security teams. Evolve authorization policies without having to make changes to the core application code
  • Keep track of every access decision request, result and the reason for the decision for your audit process

Where and how does Cerbos run?

  • Self-hosted: Cerbos lives in your environment where-ever it is, cloud or on-premise: VM, Kubernetes, or serverless
  • Infinite scalability via serverless functions or a sidecar deployment model
  • GitOps enabled policy development and deployment via a full testing suite for CI/CD pipelines

What does Cerbos integrate with?


APIs, SDKs and latency


Low latency APIs:


SDKs for your native environment:


API first approach:

Full audit logs

Cerbos generates audit logs of every request and action for compliance requirements.

  • Capture and log all incoming requests and responses consistently
  • Full trace of every decision made and why it was allowed or denied
  • Debug access requests with detailed information about the roles and attributes
  • Integrate into your existing audit process

Policy flexibility, storage, and version control

Flexible, developer-friendly, YAML based policy authoring to model any business requirement:

Flexible policy storage options:

Policy versioning that allows:

  • Canary deployments
  • Multiple run environments: dev, test, QA, prod, etc.

Deployment and configuration

Runs anywhere.

Meets your infrastructure requirements and business compliance policies wherever they are: Public or private cloud, or on premise.

Deploy and host based on your architecture.

Container orchestration:

  • Service: Share Cerbos among many services
  • Sidecar: Run Cerbos right next to your application
  • or anywhere a container can be run

Serverless: let your cloud provider manage it

Anywhere a binary can be run: