https://cerbos.dev logo
#community
Title
# community
c

Conor Downey

05/26/2023, 7:53 PM
Hi, I see when I read some of hte docs that the policies are stored in yaml. In the How it Works it says the policy repository can be either git, disk or database. If its git or disk then I assume theres are multiple or single yaml files (not sure which yet) for each resource. If you use the db are the yamls files just added as a single entry in one column of a table or are they stored in different tables/columns and when you do a query it builds a yaml from them tables or something?
s

Sam Lock (Cerbos)

05/27/2023, 7:29 AM
Hi Conor!
git
,
disk
and also `blob` drivers indeed store the policies as YAML files (a single file for a single policy, as it stands). For the mutable db drivers, the policies are stored in a single table. The bulk of the policy definition resides within a single binary data-type column, in which we store the serialized data. There's some other metadata related columns also, but that's mostly stuff that can be derived from the serialized policy.
c

Conor Downey

05/29/2023, 3:53 PM
Cool. thanks
Sorry @Sam Lock (Cerbos) one other question. if they are in the db is it in the docs how we would update it for changes to policies? Is that osmething we would handle ourselves or is there some cerbos API or something for that?
s

Sam Lock (Cerbos)

05/30/2023, 5:33 PM
You don't have to worry about interacting with the db itself, that's abstracted away from you. You'd handle dynamic policy changes via the Admin API. Interactions can be via the SDK (an example implementation is detailed here), the cerbosctl utility or directly through the API if you preferred.
So you'd configure one of the mutable stores, enable the Admin API, and populate the db with your policies via one of the above methods once the PDP was up and running 👍
c

Conor Downey

05/30/2023, 6:18 PM
Awesome. thanks again