Using service role in Edge Function

I assumed that using the Admin role inside an Edge Function was perfectly safe. I was treating it like I was creating a private API route like I usually would in Python. I see no reason why I can't do everything with an admin role, if I am vetting the input data the request receives. But out of curiosity, I asked Claude to review one of my edge functions, and was told I should very rarely use a service role in edge functions. I just can't see why not. Can someone explain to me why I shouldn't?
4 Replies
garyaustin 4w ago
It is (or at least was before the latest API key changes) in the environment variables provided by Supabase for Edge Functions and is used all the time.
Smokey (OP) 4w ago
Sorry Gary, I'm not sure what you're trying to say.
garyaustin 4w ago
It is secure in edge functions. But it is going away with the new API keys. I'm not sure what the recommended key is for edge functions if you change to the new API keys, mainly because I've not looked into it yet.
Smokey (OP) 4w ago
OK, understood. Thanks
