S
Supabase7d ago
Poppy5

Vault - Creating secrets in edge functions

Hey all, I'm trying to create a vault secret inside my edge functions, using supabase-js. Tried so many variations, both of supabase.rpc() and supabase.select() - but nothing works. The RPC call throws this - 
Could not find the function public.vault.create_secret(secret_description, secret_name, secret_value) in the schema cache
Could not find the function public.vault.create_secret(secret_description, secret_name, secret_value) in the schema cache
The select throws this - 
failed to parse select parameter (vault.create_secret()...)
failed to parse select parameter (vault.create_secret()...)
The docs around the Vault are very minimal. Would love for some help here !
5 Replies
garyaustin
garyaustin7d ago
You access other schemas with .schema(‘vault’).from. Otherwise the schema is always public. Problem is though vault is not exposed to the API and not sure service_role has grants. An RPC call to a security definer function might be needed but take away grants to anon and authenticated for it.
Poppy5
Poppy5OP7d ago
Cool, now that I use the .schema (and RPC) I get this - 
2025-08-17T13:40:40.814945343Z   code: "PGRST106",
2025-08-17T13:40:40.814950218Z   details: null,
2025-08-17T13:40:40.814952759Z   hint: null,
2025-08-17T13:40:40.814955218Z   message: "The schema must be one of the following: public, graphql_public"
2025-08-17T13:40:40.814957551Z }
2025-08-17T13:40:40.814945343Z   code: "PGRST106",
2025-08-17T13:40:40.814950218Z   details: null,
2025-08-17T13:40:40.814952759Z   hint: null,
2025-08-17T13:40:40.814955218Z   message: "The schema must be one of the following: public, graphql_public"
2025-08-17T13:40:40.814957551Z }
The issue is that using the local env i'm not sure how I should expose the vault schema.
garyaustin
garyaustin7d ago
You would have to set the schema in the .toml file setting to allow access. It is a PostgREST setting. BUT you should not allow access to Vault to the API.
Poppy5
Poppy5OP7d ago
That's amazing - works like a charm. I would say that the vault operations needs a mention in the docs.
silentworks
silentworks7d ago
Which vault operations would those be?

Did you find this page helpful?