https://authzed.com logo
#spicedb
Title
# spicedb
a

anthonyr

09/29/2022, 12:52 AM
Hey everyone, I had two really quick questions in ๐Ÿงต If this isn't the best place to ask them, would really appreciate someone sending me in the right direction ๐Ÿ˜„.
Question 1: Is it possible to create multiple tokens for use with the API? Ideally with appropriately scoped perms. e.g. A token which allows check relationship but not update schema. So far, I haven't been able to find any info regarding this in the docs.
Question 2: Is there some trick to using Zed? Whenever I create a context and then use that context to do a
zed schema read
as suggested by the docs, I get
Error: must first save a token: see zed token save --help
but
zed token save
doesn't appear to be a command (neither does
zed token
for that matter...).
j

Joey

09/29/2022, 12:58 AM
1) is this for SpiceDB locally or authzed.com?
2) what OS are you running on?
a

anthonyr

09/29/2022, 12:58 AM
1) SpiceDB running in a Kubernetes cluster.
j

Joey

09/29/2022, 12:59 AM
are you using the operator?
a

anthonyr

09/29/2022, 12:59 AM
2) Linux/Ubuntu
No, not using the Operator. We ended up running with our own manifests
j

Joey

09/29/2022, 1:01 AM
okay
well, for #1, you can add another shared key to be used
however, we do not currently support downscoping them
for #2, make sure the zed binary has access to your keychain (or equivalent)
and then use
zed context set
to create a new context
a

anthonyr

09/29/2022, 1:04 AM
Neat, okay. What's the process for creating another key? Is scoping them something that Authzed has on its roadmap?
Ahh okay... I think the issue could be no access to the keychain... It's a jumpbox so there's probably some issues there. I'll take a look ๐Ÿ˜„
Also, I left some notes on this GitHub issue about why we didn't go with the Operator for this deployment: https://github.com/authzed/spicedb-operator/issues/61#issuecomment-1261604353
j

Joey

09/29/2022, 1:07 AM
you just specify it on the CLI in the same arg
> spicedb serve --grpc-preshared-key "somerandomkeyhere,anotherkeyhere"
and gotcha
I believe issue #1 you listed is on the roadmap for the operator
@ecordell would know more
a

anthonyr

09/29/2022, 1:15 AM
Sweet, thanks for that. Will go with that approach for now. In terms of generating keys that are scoped, is that something that's on the roadmap for SpiceDB? Would it be worth raising a GitHub issue about adding that feature?
Cool, overall the Operator is pretty neat and was impressed with how quickly we were able to stand up a SpiceDB cluster with it. However it was just those couple of pieces which meant it was unfortunately a no go.
j

Joey

09/29/2022, 1:18 AM
scoped keys are on our roadmap for our enterprise offering
a

anthonyr

09/29/2022, 1:24 AM
Okay awesome, really helpful to know
Looking good, really appreciate your help!