SpiceDB / Open-source Google Zanzibar
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions.
02a / Concepts
02b / Schema
02c / Features
Expressive gRPC and HTTP/JSON APIs for powering authorization logic in your client applications.
Distributed, parallel graph engine faithful to the architecture described in Google's Zanzibar paper.
A flexible consistency model configurable per-request that includes resistance to the New Enemy Problem.
Intuitive authorization configuration language — SpiceDB Schema — with CI/CD integrations for validation & testing.
Support for in-memory, Spanner, CockroachDB, PostgreSQL, and MySQL relationship storage.
Deep observability with Prometheus metrics, pprof profiles, structured logging, and OpenTelemetry tracing.
03 / Build with it
Everything you need to deploy, manage, and integrate SpiceDB.
Optimize your Day 1 and Day 2 operations with our official Kubernetes SpiceDB Operator.
kubectl apply -f spicedbcluster.yaml — create, manage, and scale SpiceDB clusters with a single Kubernetes resource.The easiest way to interact with your SpiceDB Deployments.
zed validate.A thriving, open ecosystem of official and community programs and libraries used to interact with SpiceDB.
04 / Production
Showcase
Managed option
Hosted, self-service SpiceDB, run by the AuthZed team. Only pay for what you use and skip the ops.
05a / Community
Discord
Ask questions, share what you're building, and meet other people running SpiceDB in production.
Office hours
Recurring deep-dives on schema, query planning, integrations, and production patterns — recordings posted after.
Contribute
SpiceDB is built in the open. Issues, PRs, and discussions live on GitHub — first-time contributors welcome.
SpiceDB as a managed service with self-service resource management, audit logs, and more.