4b6817381b
Benchmark image — build + push to ECR (any adapter) / build + push (push) Waiting to run
CI / quality (ubuntu-latest) (push) Waiting to run
CI / test (tools-runtime) (push) Waiting to run
CI / test (e2e-general) (push) Waiting to run
CI / test (cli-runtime) (push) Waiting to run
CI / test (e2e-provider-and-openclaw) (push) Waiting to run
CI / test (integrations-and-misc) (push) Waiting to run
CI / coverage-report (push) Blocked by required conditions
CI / test-kubernetes (push) Waiting to run
CI / should-run-thorough (push) Waiting to run
CI / test-thorough (cloudwatch-demo) (push) Blocked by required conditions
CI / test-thorough (flink-ecs) (push) Blocked by required conditions
CI / test-thorough (upstream-lambda) (push) Blocked by required conditions
CI / test-thorough (prefect-ecs-fargate) (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Blocked by required conditions
Release / publish-release (push) Blocked by required conditions
Release / publish-main-release (push) Blocked by required conditions
Release / prepare (push) Waiting to run
Release / verify (push) Blocked by required conditions
Release / build-python-dist (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Blocked by required conditions
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Waiting to run
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
115 lines
3.2 KiB
Plaintext
115 lines
3.2 KiB
Plaintext
---
|
|
title: "Supabase"
|
|
description: "Connect Supabase so OpenSRE can diagnose database, API, and authentication issues during investigations"
|
|
---
|
|
|
|
Supabase powers many modern applications. When something goes wrong with your database, APIs, or authentication flows, OpenSRE can use your Supabase project configuration to investigate issues, inspect resources, and gather operational insights.
|
|
|
|
## What you'll need
|
|
|
|
* A Supabase project
|
|
* Your Supabase Project URL
|
|
* A Supabase Service Role Key
|
|
* Permissions to access project resources
|
|
|
|
## Connecting Supabase
|
|
|
|
### Guided walkthrough
|
|
|
|
Let's set this up together:
|
|
|
|
```bash
|
|
opensre integrations setup
|
|
```
|
|
|
|
Pick **Supabase** and enter your project credentials when prompted.
|
|
|
|
### DIY: Using environment variables
|
|
|
|
Or add these directly to your `.env`:
|
|
|
|
```bash
|
|
SUPABASE_URL=https://your-project.supabase.co
|
|
SUPABASE_SERVICE_KEY=your_service_role_key
|
|
```
|
|
|
|
| Variable | Description |
|
|
| ---------------------- | ------------------------- |
|
|
| `SUPABASE_URL` | Supabase project URL |
|
|
| `SUPABASE_SERVICE_KEY` | Supabase service role key |
|
|
|
|
### Option 3: Persistent store
|
|
|
|
```json
|
|
{
|
|
"version": 1,
|
|
"integrations": [
|
|
{
|
|
"id": "supabase-prod",
|
|
"service": "supabase",
|
|
"status": "active",
|
|
"credentials": {
|
|
"url": "https://your-project.supabase.co",
|
|
"service_key": "your_service_role_key"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
## Finding your Supabase credentials
|
|
|
|
1. Log in to Supabase
|
|
2. Open your project
|
|
3. Navigate to **Settings** → **API**
|
|
4. Copy the **Project URL**
|
|
5. Copy the **Service Role Key**
|
|
6. Add these values to your OpenSRE configuration
|
|
|
|
<Info>
|
|
The Service Role Key has elevated privileges. Store it securely and never expose it in client-side applications or public repositories.
|
|
</Info>
|
|
|
|
## Investigation tools
|
|
|
|
When OpenSRE investigates a Supabase-related alert, these tools are available:
|
|
|
|
### Service health
|
|
|
|
Checks the health of PostgREST, Auth, Storage, and other Supabase services for the project. Useful when triaging 503 or 401 errors from a Supabase-backed application.
|
|
|
|
### Storage buckets
|
|
|
|
Lists all Storage buckets and their configuration metadata — public vs private access, file size limits, and allowed MIME types.
|
|
|
|
## Verify it works
|
|
|
|
Let's make sure everything is connected:
|
|
|
|
```bash
|
|
opensre integrations verify supabase
|
|
```
|
|
|
|
Expected output:
|
|
|
|
```
|
|
Service: supabase
|
|
Status: passed
|
|
Detail: Connected to Supabase project ...
|
|
```
|
|
|
|
## Troubleshooting
|
|
|
|
| Symptom | Fix |
|
|
| --- | --- |
|
|
| **401 Unauthorized** | Confirm the **Service Role Key** (not the anon key) is set in `SUPABASE_SERVICE_KEY`. |
|
|
| **Invalid project URL** | Use the Project URL from Settings → API (`https://your-project.supabase.co`). |
|
|
| **Health check shows degraded service** | Check the Supabase status page and project dashboard for the affected service. |
|
|
| **Storage bucket not found** | Verify the bucket name in the investigation matches an existing bucket in the project. |
|
|
|
|
## Security best practices
|
|
|
|
- Use the **service role key** only on the server side — never in client apps or public repos.
|
|
- Rotate the service role key if it is ever exposed.
|
|
- Prefer a dedicated Supabase project or restricted key for investigation workloads when possible.
|