Hi All, Is it possible to start a cerbos container configured to use sqlite as the storage to use existing policy files? I'm looking for something just to perform at the initial deployment and then the application can manage the state (and use the persisted policies on the disk) on container start up, I assume. Thanks

Hi! Only way to put policies into a mutable stores are

Admin API

and

cerbosctl

(cerbosctl uses Admin API behind-the-scenes). In order to use

Admin API

or

cerbosctl

, it is required to enable

Admin API

within the Cerbos configuration;

---
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"
  adminAPI:
    enabled: true # this enables Admin API
    adminCredentials: # optional part, should be provided for security reasons in a production environment
        passwordHash: JDJ5JDEwJEdEOVFzZDE2VVhoVkR0N2VkUFBVM09nalc0QnNZaC9xc2E4bS9mcUJJcEZXenp5OUpjMi91Cgo= # bcrypt hashed, base64 encoded 'cerbosAdmin' which is also the default
        username: cerbos # if not provided, default is cerbos

Other configuration parameters and what they do

Admin API

has an Add/Update Policies endpoint, and

cerbosctl

has the cerbosctl put command to fullfil the requirement.

Hi, I'm trying to use the cerbosctl container to put the policies I have in a folder but I keep getting the following: docker run -it ghcr.io/cerbos/cerbosctl:0.29.0 --server=localhost:3593 --username=dummy --password=dummy put policy -R ./docker/policies/ output: cerbosctl: error: put.PolicyCmd.Run(): failed to find: stat /docker/policies: no such file or directory Am I misunderstanding the command usage?

Since

cerbosctl

running in the container doesn’t have access to the directory

./docker/policies

, it doesn’t work. As a solution you may install the

cerbosctl

to your host machine. https://docs.cerbos.dev/cerbos/latest/installation/binary