Running SpiceDB with PostgreSQL using docker-compose
SpiceDB is an open source, Google Zanzibar-inspired database system for creating and managing security-critical application permissions. It can handle complex data models and act as a centralized service that stores authorization data in one place. SpiceDB supports a variety of storage engines, including PostgreSQL. This blog will explore how to set up and run SpiceDB with PostgreSQL as the storage backend.
Repository
Prerequisites
To follow this tutorial, you will need:
- A Linux or macOS machine
- Docker installed on your machine
Step 1: Set up PostgreSQL
Getting started with PostgreSQL requires you to install it first. PostgreSQL can be installed directly on your machine or using Docker. We will use Docker to set up PostgreSQL in this tutorial.
First, set up the database name, user, and password in the secrets folder:
- user: db.user
- password: db.password
- database name: db.name
Start running PostgreSQL:
./start-postgresql.sh
Running this command starts a new container named Postgresql with the latest version of PostgreSQL. It exposes the PostgreSQL port to the host machine on port 5432.
Step 2: Set up SpiceDB
The next step is to set up SpiceDB. We will use Docker Compose to run SpiceDB, with its configuration in the env file:
docker-compose --env-file .env up -d
You will see output like
Step 3: Verify SpiceDB is running
Open http://localhost:8080/ in the browser. If you see this page, you are all set to use SpiceDB.
Follow the instructions, using the zed client with the preshared key:
zed context set first-dev-context :50051 "foobar" --insecure
Try reading the schema:
zed schema read
You will get an error like this:
Error: rpc error: code = NotFound desc = No schema has been defined; please call WriteSchema to start
This means the zed client is able to connect to SpiceDB. You can now import a schema into SpiceDB.
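As an added example (not code from the post's repository), the script below checks the Step 1 secrets files and the preshared key before the compose command from Step 2 is run, and rejects the demo key "foobar" used above. It assumes the three secrets are plain files in one folder, that the `.env` file sets the key as `SPICEDB_GRPC_PRESHARED_KEY`, and a 32-character minimum chosen for illustration; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Preflight for the setup in this post (added example, not from the repository).
# Assumptions: secrets are files db.user, db.password, db.name in one folder;
# .env sets SPICEDB_GRPC_PRESHARED_KEY; the 32-character minimum is illustrative.

# check_secret_file FILE: must exist, be non-empty, and grant nothing to group/others.
check_secret_file() {
  local f="$1" mode
  [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")  # GNU, then BSD/macOS
  case "$mode" in
    *00) return 0 ;;
    *) echo "too permissive (mode $mode): $f"; return 1 ;;
  esac
}

# check_preshared_key ENV_FILE: key must be set, not the demo value, and long enough.
check_preshared_key() {
  local key
  key=$(sed -n 's/^SPICEDB_GRPC_PRESHARED_KEY=//p' "$1" 2>/dev/null | tail -n 1 | tr -d '"\r')
  case "$key" in
    "") echo "preshared key not set in $1"; return 1 ;;
    foobar) echo "preshared key is the demo value"; return 1 ;;
  esac
  [ "${#key}" -ge 32 ] || { echo "preshared key shorter than 32 characters"; return 1; }
}

# preflight SECRETS_DIR ENV_FILE: run every check, report all failures, return 1 if any.
preflight() {
  local dir="$1" env_file="$2" rc=0 name
  for name in db.user db.password db.name; do
    check_secret_file "$dir/$name" || rc=1
  done
  check_preshared_key "$env_file" || rc=1
  return "$rc"
}

# Gate the compose command from Step 2, e.g.:
#   ./preflight.sh ./secrets .env && docker-compose --env-file .env up -d
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```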
Import Schema
We can import a playground schema:
zed import https://play.authzed.com/s/iksdFvCtvnkR/schema
Check Permission
We can run `zed permission check` against the relationships in the schema. For example:
zed permission check resource:jira view user:ceo
Output: true
Another permission check, for example:
zed permission check resource:jira manage user:cto
Output: true
In this post, we learned how to set up SpiceDB with the PostgreSQL database using docker-compose, then used the zed client to test the connection, set up the schema, and try the permission check endpoint in SpiceDB.