From a0de68067e3077481d526ef42bbb1c5708b044c8 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 14 Jul 2025 11:15:51 -0600 Subject: docs: add notes on SpiceDB --- share/man/spicedb/README.md | 91 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 share/man/spicedb/README.md diff --git a/share/man/spicedb/README.md b/share/man/spicedb/README.md new file mode 100644 index 00000000..bd6d7798 --- /dev/null +++ b/share/man/spicedb/README.md @@ -0,0 +1,91 @@ +# Spice DB + +SpiceDB is a re-implementation of the [Google Zanzibar][1]. + +## Components + +* `zed`: Command line client +* `spicedb`: The Server + +### zed + +```bash +モ zed --help +A command-line client for managing SpiceDB clusters. + +Usage: + zed [command] + +Available Commands: + backup Create, restore, and inspect permissions system backups + completion Generate the autocompletion script for the specified shell + context Manage configurations for connecting to SpiceDB deployments + help Help about any command + import Imports schema and relationships from a file or url + permission Query the permissions in a permissions system + preview Experimental commands that have been made available for preview + relationship Query and mutate the relationships in a permissions system + schema Manage schema for a permissions system + use Alias for `zed context use` + validate Validates the given validation file (.yaml, .zaml) or schema file (.zed) + version Display zed and SpiceDB version information + +Flags: + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + -h, --help help for zed + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB + +Use "zed [command] --help" for more information about a command. +``` + + +### server + +```bash +モ spicedb --help +A database that stores, computes, and validates application permissions + +Usage: + spicedb [command] + +Examples: + No TLS and in-memory: + spicedb serve --grpc-preshared-key "somerandomkeyhere" + + TLS and a real datastore: + spicedb serve --grpc-preshared-key "realkeyhere" --grpc-tls-cert-path path/to/tls/cert --grpc-tls-key-path path/to/tls/key \ + --http-tls-cert-path path/to/tls/cert --http-tls-key-path path/to/tls/key \ + --datastore-engine postgres --datastore-conn-uri "postgres-connection-string-here" + + +Available Commands: + completion Generate the autocompletion script for the specified shell + datastore datastore operations + help Help about any command + lsp serve language server protocol + serve serve the permissions database + serve-testing test server with an in-memory datastore + version displays the version of SpiceDB + +Flags: + -h, --help help for spicedb + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --skip-release-check if true, skips checking for new SpiceDB releases + +Use "spicedb [command] --help" for more information about a command. +``` + +[1]: https://authzed.com/blog/what-is-google-zanzibar -- cgit v1.2.3