SpiceDbConfig

beep_authz::config

Struct SpiceDbConfig 

Source 
pub struct SpiceDbConfig {
    pub endpoint: String,
    pub token: Option<String>,
}
Expand description

Configuration for connecting to a SpiceDB instance.

SpiceDbConfig contains the necessary connection parameters for establishing a gRPC connection to SpiceDB. It supports configuration via environment variables or command-line arguments using clap.

§Configuration Methods

You can configure SpiceDB connection in three ways:

  1. Directly in code - Create the struct manually
  2. Environment variables - Set SPICEDB_ENDPOINT and SPICEDB_TOKEN
  3. Command-line arguments - Use --spicedb-endpoint and --spicedb-token

§Examples

§Manual configuration

use authz::SpiceDbConfig;

let config = SpiceDbConfig {
    endpoint: "localhost:50051".to_string(),
    token: Some("your-preshared-key".to_string()),
};

§From environment variables

export SPICEDB_ENDPOINT="grpc.authzed.com:443"
export SPICEDB_TOKEN="your-preshared-key"
use authz::SpiceDbConfig;
use clap::Parser;

let config = SpiceDbConfig::parse();

§From command-line arguments

cargo run -- --spicedb-endpoint localhost:50051 --spicedb-token mykey

§Security Note

The token field contains a sensitive preshared key. Ensure it is:

  • Never hardcoded in version control
  • Stored securely (e.g., environment variables, secrets manager)
  • Transmitted only over secure connections (TLS/SSL)

Fields§

§endpoint: String

The SpiceDB endpoint URL.

This should be the gRPC endpoint of your SpiceDB server, including the port. The scheme (http:// or https://) is optional and will be added automatically if not present.

§Examples

  • "localhost:50051" - Local development
  • "grpc.authzed.com:443" - AuthZed managed service
  • "spicedb.example.com:443" - Custom deployment

§Environment Variable

Can be set via SPICEDB_ENDPOINT environment variable.

§Default

Defaults to "localhost:50051" if not specified.

§token: Option<String>

The preshared key for authenticating with SpiceDB.

This is a secret token used to authenticate your application with the SpiceDB server. If None, the connection will be made without authentication (useful for local development with SpiceDB running in insecure mode).

§Security

This token grants access to your authorization data. Keep it secure:

  • Never commit it to version control
  • Use environment variables or a secrets manager
  • Rotate it regularly
  • Use different tokens for different environments

§Environment Variable

Can be set via SPICEDB_TOKEN environment variable.

§Examples

use authz::SpiceDbConfig;

// With authentication
let secure_config = SpiceDbConfig {
    endpoint: "grpc.authzed.com:443".to_string(),
    token: Some("tc_my_secret_token_abc123".to_string()),
};

// Without authentication (local dev only)
let local_config = SpiceDbConfig {
    endpoint: "localhost:50051".to_string(),
    token: None,
};

Trait Implementations§

Source§

impl Args for SpiceDbConfig

Source§

fn group_id() -> Option<Id>

Report the ArgGroup::id for this set of arguments
Source§

fn augment_args<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate Self via FromArgMatches::from_arg_matches_mut Read more
Source§

fn augment_args_for_update<'b>(__clap_app: Command) -> Command

Append to Command so it can instantiate self via FromArgMatches::update_from_arg_matches_mut Read more
Source§

impl Clone for SpiceDbConfig

Source§

fn clone(&self) -> SpiceDbConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl CommandFactory for SpiceDbConfig

Source§

fn command<'b>() -> Command

Build a Command that can instantiate Self. Read more
Source§

fn command_for_update<'b>() -> Command

Build a Command that can update self. Read more
Source§

impl Debug for SpiceDbConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl FromArgMatches for SpiceDbConfig

Source§

fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed. Read more
Source§

fn from_arg_matches_mut( __clap_arg_matches: &mut ArgMatches, ) -> Result<Self, Error>

Instantiate Self from ArgMatches, parsing the arguments as needed. Read more
Source§

fn update_from_arg_matches( &mut self, __clap_arg_matches: &ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.
Source§

fn update_from_arg_matches_mut( &mut self, __clap_arg_matches: &mut ArgMatches, ) -> Result<(), Error>

Assign values from ArgMatches to self.
Source§

impl Parser for SpiceDbConfig

Source§

fn parse() -> Self

Parse from std::env::args_os(), exit on error.
Source§

fn try_parse() -> Result<Self, Error>

Parse from std::env::args_os(), return Err on error.
Source§

fn parse_from<I, T>(itr: I) -> Self
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, exit on error.
Source§

fn try_parse_from<I, T>(itr: I) -> Result<Self, Error>
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, return Err on error.
Source§

fn update_from<I, T>(&mut self, itr: I)
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, exit on error. Read more
Source§

fn try_update_from<I, T>(&mut self, itr: I) -> Result<(), Error>
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, return Err on error.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more