Question 1: Is it possible to create multiple tokens for use with the API? Ideally with appropriately scoped perms. e.g. A token which allows check relationship but not update schema. So far, I haven't been able to find any info regarding this in the docs.

Question 2: Is there some trick to using Zed? Whenever I create a context and then use that context to do a

zed schema read

as suggested by the docs, I get

Error: must first save a token: see zed token save --help

but

zed token save

doesn't appear to be a command (neither does

zed token

for that matter...).

2) what OS are you running on?

No, not using the Operator. We ended up running with our own manifests

well, for #1, you can add another shared key to be used

however, we do not currently support downscoping them

for #2, make sure the zed binary has access to your keychain (or equivalent)

and then use

zed context set

to create a new context

Ahh okay... I think the issue could be no access to the keychain... It's a jumpbox so there's probably some issues there. I'll take a look 😄

Also, I left some notes on this GitHub issue about why we didn't go with the Operator for this deployment: https://github.com/authzed/spicedb-operator/issues/61#issuecomment-1261604353

> spicedb serve --grpc-preshared-key "somerandomkeyhere,anotherkeyhere"

and gotcha

I believe issue #1 you listed is on the roadmap for the operator

@ecordell would know more

Cool, overall the Operator is pretty neat and was impressed with how quickly we were able to stand up a SpiceDB cluster with it. However it was just those couple of pieces which meant it was unfortunately a no go.

Looking good, really appreciate your help!