/Integrations
v1.2Supabase
Validate admin auth, environment consistency, and shadow verification dependencies.
Integration
Supabase
Confirms auth and database access are ready before customers sign up.
Supabase is the auth and database backbone for many launch stacks. A Supabase failure usually means signups break, sessions fail, or paid users never get their entitlement written. PreFlight verifies project alignment, admin access, and auth endpoints before you open registration.
Requirements
- Project URL from Supabase → Settings → API
- Anon key (client-safe, for frontend use)
- Server-side service role key for admin checks—never expose to the browser
Service role is sensitive
The service role key bypasses Row Level Security. Store it in server-only environment variables. If it ever appears in a client bundle, PreFlight's secret-leak scan will flag it—and you should rotate it immediately.
What PreFlight checks
| Probe | What it proves |
|---|---|
| Project + key match | The project URL and keys belong to the same working Supabase project. |
| Admin auth | A temporary user can be created and cleaned up, proving admin access works. |
| Auth endpoints | The auth API answers correctly for the configured providers. |
| RLS audit | Row Level Security is enabled on sensitive tables before launch. |
| Schema sync | Application schema expectations align with the live database. |
| Shadow correlation | Project health and webhook flows can be correlated against stored rows when shadow checks are enabled. |
Failure guidance
| Symptom | Fix |
|---|---|
| Invalid service role key | Copy the server-side key from the correct Supabase project (Settings → API). |
| Auth creation failure | Confirm the project URL and service role key belong to the same environment. |
| Redirect URL mismatch | Verify redirect URLs in Supabase Auth settings match your deployed domain. |
| Shadow verification failure | Confirm the target table and trace column exist in your application schema. |
| RLS violation flagged | Enable RLS on the flagged table and add a restrictive policy. |
Dashboard setup
- Open your project and go to Integrations → Supabase.
- Paste the project URL, anon key, and service role key from Supabase → Settings → API.
- Confirm redirect URLs in Supabase Auth include your production domain.
- Run Pre-Flight Check and review auth, admin, and RLS probe results.
