Installing with the Operator
The recommended way to install SpiceDB for a production system is with the operator on Kubernetes, see the operator docs for installation details.
The other installation options below can be helpful to test SpiceDB locally, or to run on a non-Kubernetes system.
Other install options
The commands documented here do not configure best practices for production deployments. For example, TLS is disabled and data is not persisted when SpiceDB is shut down. See the guide for selecting a datastore.
docker pull authzed/spicedb
docker run --name spicedb \ -p 50051:50051 \ authzed/spicedb serve \ --grpc-preshared-key "somerandomkeyhere"
brew install authzed/tap/spicedb
spicedb serve --grpc-preshared-key "somerandomkeyhere"
Download the binary
Binaries are available to download on the releases page.
Authzed maintains GitHub Actions for integrating SpiceDB with your CI/CD pipelines:
- action-spicedb: Runs SpiceDB such that each Bearer Token provided by the client is allocated its own isolated, ephemeral datastore.
By using unique tokens in each of your application's integration tests, they can be executed in parallel safely against a single instance of SpiceDB.
Equivalent to running
- action-spicedb-validate: Validates SpiceDB schema files. Schema files can be easily exported from the playground.
Equivalent to running
Verifying that SpiceDB is running
A variety of clients/tools can be used to interact with the API.
zed is the official CLI client and can be used to check that SpiceDB is running, write schema and relationships, and perform other operations against SpiceDB:
Running via brew
zed is available via brew on macOS and Linux.
brew install authzed/tap/zed
zed context set local localhost:50051 "somerandomkeyhere" --insecure zed schema read --insecure
In addition to CLI flags, SpiceDB also supports configuration via environment variables.
You can replace any command's argument with an environment variable by converting dashes into underscores and prefixing with
The following are equivalent:
spicedb serve --grpc-preshared-key=somerandomkeyhere SPICEDB_GRPC_PRESHARED_KEY=somerandomkeyhere spicedb serve
Environment variables can be set directly, or via
spicedb.env file located in the current working directory.
Config values are parsed with the following precedence:
- Specified via command line flag
- Set via environment variables
- Loaded from
- Default values of application
Continue with the Protecting Your First App guide to learn how to use SpiceDB to protect your application and read Configuring Dispatching to learn more about how to configure your SpiceDB for production-level dispatching and caching.