--- title: "Supabase" description: "Connect Supabase so OpenSRE can diagnose database, API, and authentication issues during investigations" --- Supabase powers many modern applications. When something goes wrong with your database, APIs, or authentication flows, OpenSRE can use your Supabase project configuration to investigate issues, inspect resources, and gather operational insights. ## What you'll need * A Supabase project * Your Supabase Project URL * A Supabase Service Role Key * Permissions to access project resources ## Connecting Supabase ### Guided walkthrough Let's set this up together: ```bash opensre integrations setup ``` Pick **Supabase** and enter your project credentials when prompted. ### DIY: Using environment variables Or add these directly to your `.env`: ```bash SUPABASE_URL=https://your-project.supabase.co SUPABASE_SERVICE_KEY=your_service_role_key ``` | Variable | Description | | ---------------------- | ------------------------- | | `SUPABASE_URL` | Supabase project URL | | `SUPABASE_SERVICE_KEY` | Supabase service role key | ### Option 3: Persistent store ```json { "version": 1, "integrations": [ { "id": "supabase-prod", "service": "supabase", "status": "active", "credentials": { "url": "https://your-project.supabase.co", "service_key": "your_service_role_key" } } ] } ``` ## Finding your Supabase credentials 1. Log in to Supabase 2. Open your project 3. Navigate to **Settings** → **API** 4. Copy the **Project URL** 5. Copy the **Service Role Key** 6. Add these values to your OpenSRE configuration The Service Role Key has elevated privileges. Store it securely and never expose it in client-side applications or public repositories. ## Investigation tools When OpenSRE investigates a Supabase-related alert, these tools are available: ### Service health Checks the health of PostgREST, Auth, Storage, and other Supabase services for the project. Useful when triaging 503 or 401 errors from a Supabase-backed application. ### Storage buckets Lists all Storage buckets and their configuration metadata — public vs private access, file size limits, and allowed MIME types. ## Verify it works Let's make sure everything is connected: ```bash opensre integrations verify supabase ``` Expected output: ``` Service: supabase Status: passed Detail: Connected to Supabase project ... ``` ## Troubleshooting | Symptom | Fix | | --- | --- | | **401 Unauthorized** | Confirm the **Service Role Key** (not the anon key) is set in `SUPABASE_SERVICE_KEY`. | | **Invalid project URL** | Use the Project URL from Settings → API (`https://your-project.supabase.co`). | | **Health check shows degraded service** | Check the Supabase status page and project dashboard for the affected service. | | **Storage bucket not found** | Verify the bucket name in the investigation matches an existing bucket in the project. | ## Security best practices - Use the **service role key** only on the server side — never in client apps or public repos. - Rotate the service role key if it is ever exposed. - Prefer a dedicated Supabase project or restricted key for investigation workloads when possible.