Suggested setup when using Postgres through ORM, no anon key access
Hello!
I'm using Supabase with Prisma and would like to lock down my database completely to the Supabase client with the anon key etc. I found this comment on Github
https://github.com/orgs/supabase/discussions/4547#discussioncomment-2502325
and was wondering if something like this is a good way to go? It's not something I want to take chances with, so would appreciate any input!
GitHub
Option to disable anon key access to database · supabase · Discussi...
I'm creating and interacting with my Supabase database using Prisma via a node backend, and use the supabase-js client on the frontend solely for auth. I've realised that the supabaseKey ne...
2 Replies
If you revoke api user grants then you are safe. If Steve in those threads suggests something then it is good. He is the main PostgREST guy.
ah that is great to know, thank you as always!!