Recommended Pattern for Cron Job -> Edge Function Auth (Post-`pgjwt`/`pgsodium`)
Hey everyone,
I'm trying to find the officially recommended pattern for a Postgres cron job to securely authenticate and call an Edge Function, and I've hit a few walls with deprecated methods.
What I’m trying to achieve:
I have a background job scheduled with
What’s going wrong:
My main challenge has been programmatically creating a service_role JWT within Postgres. My journey to find a solution has felt like a process of elimination:
1. The Supabase CLI no longer provides a static, long-lived
2. The
3. The documentation now discourages direct use of
4. The
This has led me to a workaround: manually generating a long-lived JWT on a site like jwt.io, then storing that static token in the Vault for my cron job to retrieve.
My Question:
While the "generate-once-store" pattern might work (haven't tested it yet, but it seems like it should), it feels like a sub-optimal, manual setup step. I'm wondering if I've missed a more integrated, programmatic solution.
What is the official, future-proof Supabase pattern for a Postgres function to authenticate itself to call an Edge Function? Is the intended solution to use an Edge Function as a utility to sign tokens for Postgres, or is the manual "generate-once-store" pattern the recommended approach for this use case?
Thanks for any guidance!
Environment:
Supabase CLI:
Postgres Version:
Platform: Local development on macOS (Apple Silicon)
I'm trying to find the officially recommended pattern for a Postgres cron job to securely authenticate and call an Edge Function, and I've hit a few walls with deprecated methods.
What I’m trying to achieve:
I have a background job scheduled with
pg_cronpg_netWhat’s going wrong:
My main challenge has been programmatically creating a service_role JWT within Postgres. My journey to find a solution has felt like a process of elimination:
1. The Supabase CLI no longer provides a static, long-lived
service_role_key2. The
pgjwt3. The documentation now discourages direct use of
pgsodium4. The
supabase/vaultvault.sign()This has led me to a workaround: manually generating a long-lived JWT on a site like jwt.io, then storing that static token in the Vault for my cron job to retrieve.
My Question:
While the "generate-once-store" pattern might work (haven't tested it yet, but it seems like it should), it feels like a sub-optimal, manual setup step. I'm wondering if I've missed a more integrated, programmatic solution.
What is the official, future-proof Supabase pattern for a Postgres function to authenticate itself to call an Edge Function? Is the intended solution to use an Edge Function as a utility to sign tokens for Postgres, or is the manual "generate-once-store" pattern the recommended approach for this use case?
Thanks for any guidance!
Environment:
Supabase CLI:
2.48.3Postgres Version:
17.6Platform: Local development on macOS (Apple Silicon)
