SpiceDB is the most scalable and consistent Google Zanzibar-inspired database for storing and computing permissions data—use it to build global-scale fine grained authorization services.

Expressive APIs

Expressive gRPC and HTTP/JSON APIs for powering authorization logic in your client applications.

Distributed Graph

Distributed, parallel graph engine faithful to the architecture described in Google’s Zanzibar paper.

Prevents New Enemies

A flexible consistency model configurable per-request that includes resistance to the New Enemy Problem.

Configuration Language

Intuitive authorization configuration language — SpiceDB Schema — with CI/CD integrations for validation & testing.

Pluggable Storage

Support for in-memory, Spanner, CockroachDB, PostgreSQL, and MySQL relationship storage.

Deep Observability

Deep observability with Prometheus metrics, pprof profiles, structured logging, and OpenTelemetry tracing.

Latest Release

SpiceDB v1.38.1

vroldanbet released this about 12 hours ago

Release Notes

Don’t reinvent the wheel

Integrate against AuthZed’s globally available authorization service in minutes.

Complete Ecosystem

SpiceDB Tooling

Everything you need to deploy, manage, and integrate SpiceDB.

SpiceDB Operator

Optimize your Day 1 and Day 2 operations the our official Kubernetes SpiceDB Operator.

authzed/spicedb-operatorPublic

Kubernetes controller for managing instances of SpiceDB

`kubectl create spicedbcluster`

Create, manage, and scale SpiceDB clusters with a single Kubernetes resource.

Zero-Downtime Datastore Migrations

Run painless migrations regardless of your backing datastore or SpiceDB version.

Automated Update Channels

Configure clusters to follow release channels and automatically roll out updates.

SpiceDB Docs

Learn Key Concepts

Define a Permissions Schema

Define types of objects, how those objects relate to one another, and the permissions that can be computed from those relationships.

Integrate Your Applications

Integrate with your application using official and community supported client libraries or make requests to the HTTP API endpoint.

Test and Deploy

Use provided tooling to develop and validate schema changes. Use the built-in testing server to run real API calls against test data.

Define Authorization
as Schema

Design tailored authorization systems by defining relationships, permissions based on those relationships, and bits of policy called Caveats.

Learn Together

Join our thriving community to learn about SpiceDB, Zanzibar, production deployments, and more!

Users Online

Get started for free

Join 1000s of companies doing authorization the right way.

Open Source Google Zanzibar

The standard for building authZ services

Features