Skip to content

Improve local development credential documentation #402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Improve local development credential documentation #402

wants to merge 2 commits into from
+26 −1

Conversation

@ivanauth
Copy link
Contributor

Addresses #350 by clarifying when to use INSECURE_PLAINTEXT_CREDENTIALS vs INSECURE_LOCALHOST_ALLOWED for local development scenarios.

Changes

  • Added Local Development section to client-libraries.mdx with insecure credential options for all supported languages
  • Added callout in protecting-a-blog.mdx explaining insecure credentials for all client libraries
  • Updated Node.js code example comment for clarity

Context

Teams using Orbstack or Docker with non-localhost hostnames (e.g., *.orb.local) were confused about which security setting to use. This makes it clear that insecure plaintext credentials work for all local development scenarios including localhost, Docker, Orbstack, and other non-TLS setups.

Fixes #350

@ivanauth
Clarify local development security settings for non-localhost scenarios
f98e8bb 
Fixes authzed#350

Updated documentation to address confusion around INSECURE_PLAINTEXT_CREDENTIALS
vs INSECURE_LOCALHOST_ALLOWED when using Orbstack, Docker, or other non-localhost
setups for local SpiceDB development.

Changes:
- Added callout explaining when to use INSECURE_PLAINTEXT_CREDENTIALS
- Clarified INSECURE_LOCALHOST_ALLOWED limitations with Docker/Orbstack hostnames
- Added "Local Development Tips" section with quick reference for all languages
- Production examples remain secure and production-ready
@ivanauth
Improve local development credential documentation
5db994c 
Address issue with INSECURE_PLAINTEXT_CREDENTIALS vs INSECURE_LOCALHOST_ALLOWED
confusion for non-localhost scenarios. Improved formatting and conciseness to
match existing documentation style.

Fixes authzed#350
@vercel
Copy link

vercel bot commented Oct 23, 2025

@ivanauth is attempting to deploy a commit to the authzed Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make it clearer that INSECURE_PLAINTEXT_CREDENTIALS should be used for local development

1 participant

@ivanauth