mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-29 04:47:04 +00:00
This pull request addresses an issue where ZITADEL's initialization process could fail in environments with restricted database permissions, such as managed database services (e.g., Google Cloud SQL, Amazon RDS, Azure PostgreSQL).

## Which problem is solved

Previously, `zitadel init` (and its subcommands) and `zitadel start-from-init` commands would attempt to execute `CREATE DATABASE`, `CREATE USER`, and `GRANT` statements. These commands often fail if the provided database user lacks superuser privileges, which is a common security practice in hosted database environments.

## How the problem is solved

With this change, Zitadel is now smarter during initialization. It checks if the database and user specified in your configuration already exist and are accessible. If they are, ZITADEL will skip the creation and grant commands, allowing for a seamless setup even with a less-privileged database user.

## Additional information

closes #10730
closes https://github.com/zitadel/zitadel/issues/8198

### How to leverage this feature (skip admin commands)

To have ZITADEL skip the database administration commands, you need to configure it so that the initialization process can use the already-existing database and user. This is achieved by pointing the admin access in your ZITADEL configuration to the user and database that ZITADEL will use for its operations.

In your ZITADEL configuration file (e.g., zitadel.yaml), configure the Database section as follows:

```yaml
Database:
  Postgres:
    Database: existing_database
    # Admin credentials should be the same as the application user credentials
    Admin:
      User: zitadel-user
      ExistingDatabase: existing_database # this is used to connect the admin to the previously created database
    # Application user credentials
    User:
      User: zitadel-user
```

---------

Co-authored-by: Marco A. <marco@zitadel.com>
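
The configuration above presupposes that the database and user already exist. As an added example (not part of the commit or of ZITADEL's own scripts), this is one way a privileged operator could pre-provision them once on PostgreSQL and then confirm the role is both usable and non-superuser. The names `existing_database` and `zitadel-user` come from the configuration above; the password is a placeholder, and the assumption that connect and create rights on the database are sufficient for ZITADEL is not stated on the page.

```sql
-- Run once as the managed service's administrative role.
-- Assumption: ZITADEL only needs to connect to the database and create
-- its own schemas in it; the page does not list the exact privileges.

-- Application role: may log in, but holds no cluster-wide privileges.
CREATE ROLE "zitadel-user"
    LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'REPLACE_WITH_SECRET';  -- placeholder, not a real credential

CREATE DATABASE existing_database;

-- Scope the grant to this one database instead of cluster-wide rights.
GRANT CONNECT, CREATE, TEMPORARY
    ON DATABASE existing_database
    TO "zitadel-user";

-- Verification 1: both objects exist (what an "already exists" check needs).
SELECT
    EXISTS (SELECT 1 FROM pg_database WHERE datname = 'existing_database') AS database_exists,
    EXISTS (SELECT 1 FROM pg_roles    WHERE rolname = 'zitadel-user')      AS role_exists;

-- Verification 2: the role stayed least-privileged.
-- Expect rolcanlogin = true and the other three columns = false.
SELECT rolcanlogin, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname = 'zitadel-user';

-- Verification 3: the role can actually use the database.
SELECT
    has_database_privilege('zitadel-user', 'existing_database', 'CONNECT') AS can_connect,
    has_database_privilege('zitadel-user', 'existing_database', 'CREATE')  AS can_create_schema;
```

If verification 2 shows `rolsuper`, `rolcreatedb` or `rolcreaterole` as true, the role holds more than the skip path described above requires.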