Skip to main content
Supabase powers many modern applications. When something goes wrong with your database, APIs, or authentication flows, OpenSRE can use your Supabase project configuration to investigate issues, inspect resources, and gather operational insights.

What you’ll need

  • A Supabase project
  • Your Supabase Project URL
  • A Supabase Service Role Key
  • Permissions to access project resources

Connecting Supabase

Guided walkthrough

Let’s set this up together: 
opensre integrations setup
Pick Supabase and enter your project credentials when prompted.

DIY: Using environment variables

Or add these directly to your .env: 
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_KEY=your_service_role_key
VariableDescription
SUPABASE_URLSupabase project URL
SUPABASE_SERVICE_KEYSupabase service role key

Option 3: Persistent store

{
  "version": 1,
  "integrations": [
    {
      "id": "supabase-prod",
      "service": "supabase",
      "status": "active",
      "credentials": {
        "url": "https://your-project.supabase.co",
        "service_key": "your_service_role_key"
      }
    }
  ]
}

Finding your Supabase credentials

  1. Log in to Supabase
  2. Open your project
  3. Navigate to SettingsAPI
  4. Copy the Project URL
  5. Copy the Service Role Key
  6. Add these values to your OpenSRE configuration
The Service Role Key has elevated privileges. Store it securely and never expose it in client-side applications or public repositories.

Investigation tools

When OpenSRE investigates a Supabase-related alert, these tools are available:

Service health

Checks the health of PostgREST, Auth, Storage, and other Supabase services for the project. Useful when triaging 503 or 401 errors from a Supabase-backed application.

Storage buckets

Lists all Storage buckets and their configuration metadata — public vs private access, file size limits, and allowed MIME types.

Verify it works

Let’s make sure everything is connected: 
opensre integrations verify supabase
Expected output: 
Service: supabase
Status: passed
Detail: Connected to Supabase project ...

Troubleshooting

SymptomFix
401 UnauthorizedConfirm the Service Role Key (not the anon key) is set in SUPABASE_SERVICE_KEY.
Invalid project URLUse the Project URL from Settings → API (https://your-project.supabase.co).
Health check shows degraded serviceCheck the Supabase status page and project dashboard for the affected service.
Storage bucket not foundVerify the bucket name in the investigation matches an existing bucket in the project.

Security best practices

  • Use the service role key only on the server side — never in client apps or public repos.
  • Rotate the service role key if it is ever exposed.
  • Prefer a dedicated Supabase project or restricted key for investigation workloads when possible.