CRE-2025-0078

SpiceDB Database Schema Failures: Missing Core TablesHigh

Impact: 10/10

Mitigation: 2/10

CRE-2025-0078View on GitHub

SpiceDBMigration FailureSchema ErrorPostgreSQL

Description

Detects critical SpiceDB database schema failures caused by missing core tables like\n`metadata`, `alembic_version`, or `relation_tuple_transaction`. These errors often stem\nfrom incomplete migrations, startup race conditions, or schema corruption, resulting in\na complete breakdown of SpiceDB authorization capabilities.\n

Mitigation

IMMEDIATE ACTIONS:\n- Stop the SpiceDB service immediately to prevent further inconsistent behavior.\n- Check PostgreSQL connectivity and schema integrity.\n- Run: `psql -U postgres -d spicedb -c \"\\dt\"` to inspect existing tables.\n- If tables are missing, initialize and apply migrations:\n `spicedb migrate init && spicedb migrate head`\n

References

• https://docs.authzed.com/spicedb/concepts/datastore-migrations
• https://github.com/authzed/spicedb/issues?q=relation+does+not+exist
• https://alembic.sqlalchemy.org
• https://github.com/authzed/spicedb/issues/1712