#1
Cerbos
Cerbos is a scalable, language-agnostic authorization layer for defining and evaluating context-aware access control policies via a dedicated Policy Decision Point (PDP) API.
Cerbos is a language-agnostic authorization layer that externalizes permissions into context-aware policies evaluated by a stateless Policy Decision Point (PDP). It is designed to support least-privilege access control across applications, APIs, services, and modern workloads.
Key Features
- Policy-based authorization using simple YAML policies for resources, actions, and principals
- Context-aware decisions with conditional rules and attribute-based access control (ABAC)
- Derived roles and principal-specific policies for dynamic and exception-driven authorization
- Stateless PDP service exposing APIs for authorization checks and query planning
- Multiple policy storage backends (e.g., local disk, Git-based workflows, and supported databases)
- Designed for scalable, highly available deployments (service, sidecar, or other runtime patterns)
Use Cases
- Centralize authorization for microservices, APIs, and web applications with consistent rules
- Implement fine-grained RBAC/ABAC for multi-tenant or enterprise software
- Offload authorization logic from application code to a dedicated decision service
Cerbos helps teams manage authorization as code, enabling clearer permission logic, easier auditing of intent, and safer evolution of access rules as systems grow.
4.2kstars
171forks