This guide covers all the environment variables required to configure SpiceDB for FlowX deployments, based on production configurations.
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_DATASTORE_ENGINE | ✅ | Database engine type | postgres | Only PostgreSQL is supported in FlowX |
SPICEDB_DATASTORE_CONN_URI | ✅ | PostgreSQL connection string | postgres://postgres:password@postgresql-spicedb:5432/spicedb?sslmode=disable | Include sslmode=disable for internal cluster communication |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_GRPC_PRESHARED_KEY | ✅ | Pre-shared key for gRPC authentication | your-secure-key-here | Must match FlowX Engine’s SPICEDB_TOKEN |
SPICEDB_GRPC_NO_TLS | ⚠️ | Disable TLS for gRPC connections | true | Set to true for internal Kubernetes communication |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_LOG_LEVEL | ⚠️ | Logging verbosity level | debug | Use debug for troubleshooting, info for production |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_HTTP_ENABLED | ⚠️ | Enable HTTP API server | true | Required for health checks and debugging |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_DATASTORE_BOOTSTRAP_OVERWRITE | ⚠️ | Allow schema overwrite during bootstrap | true | Useful for development; be cautious in production |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_GRPC_SHUTDOWN_GRACE_PERIOD | ⚠️ | Grace period before forced shutdown | 1s | Allows graceful connection termination |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_TELEMETRY_ENDPOINT | ⚠️ | Telemetry collection endpoint | "" (empty) | Set to empty string to disable telemetry |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
PGHOST | ✅ | PostgreSQL hostname | postgresql-spicedb | Kubernetes service name |
PGPORT | ✅ | PostgreSQL port | 5432 | Standard PostgreSQL port |
PGUSER | ✅ | PostgreSQL username | postgres | Database user for connection testing |
PGPASSWORD | ✅ | PostgreSQL password | your-db-password | Should be stored in Kubernetes Secret |
Variable | Required | Description | Example | Notes |
---|---|---|---|---|
SPICEDB_DATASTORE_ENGINE | ✅ | Database engine type | postgres | Same as main container |
SPICEDB_LOG_LEVEL | ⚠️ | Migration logging level | debug | Helpful for troubleshooting migrations |
SPICEDB_DATASTORE_CONN_URI | ✅ | Database connection string | postgres://postgres:password@postgresql-spicedb:5432/spicedb?sslmode=disable | Same as main container |
Variable | Description | Value | Notes |
---|---|---|---|
SPICEDB_ENDPOINT | SpiceDB gRPC endpoint | spicedb-service:50051 | Kubernetes service name and gRPC port |
SPICEDB_TOKEN | Authentication token | Same as SPICEDB_GRPC_PRESHARED_KEY | Must match exactly |
SPICEDB_INSECURE | Skip TLS verification | true for internal cluster | Set to false when using TLS |
SPICEDB_DATASTORE_ENGINE=postgres
SPICEDB_DATASTORE_CONN_URI
(valid PostgreSQL connection string)SPICEDB_GRPC_PRESHARED_KEY
(secure random string)SPICEDB_LOG_LEVEL=info
(or debug
for troubleshooting)SPICEDB_HTTP_ENABLED=true
(for health checks)SPICEDB_TELEMETRY_ENDPOINT=""
(disable telemetry)SPICEDB_GRPC_NO_TLS=true
(for internal Kubernetes communication)SPICEDB_GRPC_SHUTDOWN_GRACE_PERIOD=1s
(graceful shutdowns)