Spice v1.0-rc.1 (Nov 27, 2024)
Announcing the release of Spice v1.0-rc.1 ๐
Spice v1.0.0-rc.1 marks the release candidate for the first major version of Spice.ai OSS. This milestone includes key Connector and Accelerator graduations and bug fixes, positioning Spice for a stable and production-ready release.
Highlights in v1.0-rc.1โ
API Key Authentication: Spice now supports optional authentication for API endpoints via configurable API keys, for additional security and control over runtime access.
Example Spicepod.yml configuration:
runtime:
auth:
api-key:
enabled: true
keys:
- ${ secrets:api_key } # Load from a secret store
- my-api-key # Or specify directly
Usage:
- HTTP API: Include the API key in the
X-API-Keyheader. - Flight SQL: Use the API key in the
Authorizationheader as a Bearer token. - Spice CLI: Provide the
--api-keyflag for CLI commands.
For more details on using API Key auth, refer to the API Auth documentation.
DuckDB Data Connector: Has graduated from Beta to Release Candidate.
Arrow and DuckDB Data Accelerators: Both have graduated from Beta to Release Candidates.
Debezium Kafka Integration: Spice now supports secure authentication and encryption options for Kafka connections when using Debezium for Change Data Capture (CDC). The previous limitation of PLAINTEXT protocol-only connections has been lifted. Spice now supports the following Kafka security configurations:
- Security protocol: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL
- SASL mechanisms: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
Example Spicepod.yml configuration:
datasets:
- from: debezium:my_kafka_topic_with_debezium_changes
name: my_dataset
params:
kafka_security_protocol: SASL_SSL
kafka_sasl_mechanism: SCRAM-SHA-512
kafka_sasl_username: kafka
kafka_sasl_password: ${secrets:kafka_sasl_password}
kafka_ssl_ca_location: ./certs/kafka_ca_cert.pem
