SUPABASE_SERVICE_ROLE_KEY is different in Preview Branch

edge functions

Hi everyone,

I’m running into a strange issue where my Edge Functions are receiving the wrong type of

SUPABASE_SERVICE_ROLE_KEY

SUPABASE_SERVICE_ROLE_KEY

in my Preview environment, causing downstream 401 errors.

I have an orchestrator function that triggers another function using the service role key. The code is identical across both environments, but the environment variable values are being injected differently.

I ran a simple debug script to inspect the key:

 TypeScript
const key = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? "NOT_SET";

console.log(`
  ==================================================
  🕵️‍♂️ ENVIRONMENT VARIABLE DEBUGGER
  ==================================================
  Name   : SUPABASE_SERVICE_ROLE_KEY
  Value  : ${key}
  Length : ${key.length}
  Type   : ${key.startsWith("sb_") ? "❌ PLATFORM TOKEN (WRONG)" : "✅ JWT (CORRECT)"}
  ==================================================
`);

 TypeScript
const key = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? "NOT_SET";

console.log(`
  ==================================================
  🕵️‍♂️ ENVIRONMENT VARIABLE DEBUGGER
  ==================================================
  Name   : SUPABASE_SERVICE_ROLE_KEY
  Value  : ${key}
  Length : ${key.length}
  Type   : ${key.startsWith("sb_") ? "❌ PLATFORM TOKEN (WRONG)" : "✅ JWT (CORRECT)"}
  ==================================================
`);

The Results:

Main - Working: The key is correctly injected as the Service Role JWT.

 JSON
{
  "status": "Logged to console",
  "key_prefix": "eyJhbGciOi",
  "key_length": 219
}

 JSON
{
  "status": "Logged to console",
  "key_prefix": "eyJhbGciOi",
  "key_length": 219
}

Preview Branch - Broken: The key is being injected as a Supabase Platform Token (

sb_secret_

sb_secret_

) instead of the JWT.

 JSON
{
  "status": "Logged to console",
  "key_prefix": "sb_secret_",
  "key_length": 41
}

 JSON
{
  "status": "Logged to console",
  "key_prefix": "sb_secret_",
  "key_length": 41
}

Has anyone seen this behavior where the Preview environment automatically overwrites the

SUPABASE_SERVICE_ROLE_KEY

SUPABASE_SERVICE_ROLE_KEY

with the Platform Secret? I cannot unset it via the CLI because it is a reserved system secret.

Any help would be appreciated!

SUPABASE_SERVICE_ROLE_KEY is different in Preview Branch

edge functions

Hi everyone,

I’m running into a strange issue where my Edge Functions are receiving the wrong type of

SUPABASE_SERVICE_ROLE_KEY

SUPABASE_SERVICE_ROLE_KEY

 TypeScript
const key = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? "NOT_SET";

console.log(`
  ==================================================
  🕵️‍♂️ ENVIRONMENT VARIABLE DEBUGGER
  ==================================================
  Name   : SUPABASE_SERVICE_ROLE_KEY
  Value  : ${key}
  Length : ${key.length}
  Type   : ${key.startsWith("sb_") ? "❌ PLATFORM TOKEN (WRONG)" : "✅ JWT (CORRECT)"}
  ==================================================
`);

 TypeScript
const key = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? "NOT_SET";

console.log(`
  ==================================================
  🕵️‍♂️ ENVIRONMENT VARIABLE DEBUGGER
  ==================================================
  Name   : SUPABASE_SERVICE_ROLE_KEY
  Value  : ${key}
  Length : ${key.length}
  Type   : ${key.startsWith("sb_") ? "❌ PLATFORM TOKEN (WRONG)" : "✅ JWT (CORRECT)"}
  ==================================================
`);

The Results:

Main - Working: The key is correctly injected as the Service Role JWT.

 JSON
{
  "status": "Logged to console",
  "key_prefix": "eyJhbGciOi",
  "key_length": 219
}

 JSON
{
  "status": "Logged to console",
  "key_prefix": "eyJhbGciOi",
  "key_length": 219
}

Preview Branch - Broken: The key is being injected as a Supabase Platform Token (

sb_secret_

sb_secret_

) instead of the JWT.

 JSON
{
  "status": "Logged to console",
  "key_prefix": "sb_secret_",
  "key_length": 41
}

 JSON
{
  "status": "Logged to console",
  "key_prefix": "sb_secret_",
  "key_length": 41
}

Has anyone seen this behavior where the Preview environment automatically overwrites the

SUPABASE_SERVICE_ROLE_KEY

SUPABASE_SERVICE_ROLE_KEY

with the Platform Secret? I cannot unset it via the CLI because it is a reserved system secret.

Any help would be appreciated!

SUPABASE_SERVICE_ROLE_KEY is different in Preview Branch

SUPABASE_SERVICE_ROLE_KEY is different in Preview Branch

Similar Threads

Similar Threads

Similar Threads