Automatic key rotation
has anyone set up automatic key rotation within a Supabase project? This is supported by all other major providers but I Don't see a way in the CLI. has anyone built anything on top of the project to allow for this I could use? Also, I'd be happy to build it for the community if I could chat with someone from the supabase team. I need to solve for this for multiple clients and don't want to switch to something like Azure ever again. Oh nightmare...
5 Replies
Hey Thomas, the first that comes to mind is a cron job (with pg_net) that calls the management API to do this on a predefined schedule. More specifically you should be able to reference https://supabase.com/docs/reference/api/v1-create-project-signing-key https://supabase.com/docs/reference/api/v1-update-project-signing-key and https://supabase.com/docs/reference/api/v1-remove-project-signing-key
Management API Reference | Supabase Docs
Management API reference for the Supabase API
Management API Reference | Supabase Docs
Management API reference for the Supabase API
Management API Reference | Supabase Docs
Management API reference for the Supabase API
i think you will need a PAT for each project but these can be kept inside of vault and referenced inside of database functions which hopefully is fine otherwise you might have to also automatically rotate the PAT
Thank you! I will look these over!
Great suggestion @ihm40, I implemented it and am now testing with an app I built today!
Nice