Supabase CLI config

Description

A string used to distinguish different Supabase projects on the same host. Defaults to the working directory name when running supabase init.

Description

Enable the local GoTrue service.

Description

The base URL of your website. Used as an allow-list for redirects and for constructing URLs used in emails.

Description

A list of exact URLs that auth providers are permitted to redirect to post authentication.

Description

How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 seconds (one week).

Description

If disabled, the refresh token will never expire.

Description

Allows refresh tokens to be reused after expiry, up to the specified interval in seconds. Requires enable_refresh_token_rotation = true.

Description

Allow/disallow new user signups to your project.

Description

Allow/disallow anonymous sign-ins to your project.

Description

Allow/disallow new user signups via email to your project.

Description

If enabled, a user will be required to confirm any email change on both the old, and new email addresses. If disabled, only the new email is required to confirm.

Description

If enabled, users need to confirm their email address before signing in.

Description

If enabled, requires the user's current password to be provided when changing to a new password.

Description

The minimum amount of time that must pass between email requests. Helps prevent email spam by limiting how frequently emails can be sent. Example values: "1m", "1h", "24h"

Description

The length of the OTP code to be sent in emails. Must be between 6 and 10 digits.

Description

The expiry time for an OTP code in seconds. Default is 300 seconds (5 minutes).

Description

Hostname or IP address of the SMTP server.

Description

Port number of the SMTP server.

Description

Username for authenticating with the SMTP server.

Description

Password for authenticating with the SMTP server.

Description

Email used as the sender for emails sent from the application.

Description

Display name used as the sender for emails sent from the application.

Description

The full list of email template types are:

• invite
• confirmation
• recovery
• magic_link
• email_change

Description

The full list of email template types are:

• invite
• confirmation
• recovery
• magic_link
• email_change

Description

Allow/disallow new user signups via SMS to your project.

Description

If enabled, users need to confirm their phone number before signing in.

Description

Use pre-defined map of phone number to OTP for testing.

Usage

1[auth.sms.test_otp]
24152127777 = "123456"

Description

Use an external SMS provider. The full list of providers are:

• twilio
• twilio_verify
• messagebird
• textlocal
• vonage

Description

Twilio Account SID

Description

Twilio Message Service SID

Description

Twilio Auth Token

DO NOT commit your Twilio auth token to git. Use environment variable substitution instead.

Description

MessageBird Originator

Description

MessageBird Access Key

DO NOT commit your MessageBird access key to git. Use environment variable substitution instead.

Description

TextLocal Sender

Description

TextLocal API Key

DO NOT commit your TextLocal API key to git. Use environment variable substitution instead.

Description

Vonage From

Description

Vonage API Key

Description

Vonage API Secret

DO NOT commit your Vonage API secret to git. Use environment variable substitution instead.

Description

Use an external OAuth provider. The full list of providers are:

• apple
• azure
• bitbucket
• discord
• facebook
• github
• gitlab
• google
• kakao
• keycloak
• linkedin
• notion
• twitch
• twitter
• slack
• spotify
• workos
• zoom

Description

Client ID for the external OAuth provider.

Description

Client secret for the external OAuth provider.

DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead.

Description

The base URL used for constructing the URLs to request authorization and access tokens. Used by gitlab and keycloak. For gitlab it defaults to https://gitlab.com. For keycloak you need to set this to your instance, for example: https://keycloak.example.com/realms/myrealm .

Description

The URI a OAuth2 provider will redirect to with the code and state values.

Description

Disables nonce validation during OIDC authentication flow for the specified provider. Enable only when client libraries cannot properly handle nonce verification. Be aware that this reduces security by allowing potential replay attacks with stolen ID tokens.

Description

Enable WebAuthn enrollment for multi-factor authentication.

Description

Enable WebAuthn verification for multi-factor authentication.

Description

Enable the local PostgREST service.

Description

Port to use for the API URL.

Usage

1[api]
2port = 54321

Description

Schemas to expose in your API. Tables, views and functions in this schema will get API endpoints. public and storage are always included.

Description

Extra schemas to add to the search_path of every request. public is always included.

Description

The maximum number of rows returned from a view, table, or stored procedure. Limits payload size for accidental or malicious requests.

Description

Port to use for the local database URL.

Description

Port to use for the local shadow database.

Description

The database major version to use. This has to be the same as your remote database's. Run SHOW server_version; on the remote database to check.

Description

Enable the local PgBouncer service.

Description

Port to use for the local connection pooler.

Description

Specifies when a server connection can be reused by other clients. Configure one of the supported pooler modes: transaction, session.

Description

How many server connections to allow per user/database pair.

Description

Sets the planner's assumption about the effective size of the disk cache. This is a query planner parameter that doesn't affect actual memory allocation.

Description

Specifies the amount of memory to be used by logical decoding, before writing data to local disk.

Description

Specifies the maximum amount of memory to be used by maintenance operations, such as VACUUM, CREATE INDEX, and ALTER TABLE ADD FOREIGN KEY.

Description

Determines the maximum number of concurrent connections to the database server. Note: Changing this parameter requires a database restart.

Description

Controls the average number of object locks allocated for each transaction. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of parallel workers that can be started by a single utility command.

Description

Sets the maximum number of parallel workers that the system can support. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of parallel workers that can be started by a single Gather or Gather Merge node.

Description

Specifies the maximum number of replication slots that the server can support. Note: Changing this parameter requires a database restart.

Description

Specifies the maximum size of WAL files that replication slots are allowed to retain in the pg_wal directory.

Description

Sets the maximum delay before canceling queries when a hot standby server is processing archived WAL data.

Description

Sets the maximum delay before canceling queries when a hot standby server is processing streamed WAL data.

Description

Sets the maximum size of WAL files that the system will keep in the pg_wal directory.

Description

Specifies the maximum number of concurrent connections from standby servers or streaming base backup clients. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of background processes that the system can support. Note: Changing this parameter requires a database restart.

Description

Controls whether triggers and rewrite rules are enabled. Valid values are: "origin", "replica", or "local".

Description

Sets the amount of memory the database server uses for shared memory buffers. Note: Changing this parameter requires a database restart.

Description

Abort any statement that takes more than the specified amount of time.

Description

Record commit time of transactions. Note: Changing this parameter requires a database restart.

Description

Specifies the minimum size of past log file segments kept in the pg_wal directory.

Description

Terminate replication connections that are inactive for longer than this amount of time.

Description

Specifies the amount of memory to be used by internal sort operations and hash tables before writing to temporary disk files.

Description

Maximum number of client connections allowed.

Description

Enables running seeds when starting or resetting the database.

Description

An array of files or glob patterns to find seeds in.

Description

Enable the local Supabase Studio dashboard.

Description

Port to use for Supabase Studio.

Description

External URL of the API server that frontend connects to.

Description

Enable the local Realtime service.

Description

Bind realtime via either IPv4 or IPv6. (default: IPv6)

Description

Enable the local Storage service.

Description

The maximum file size allowed (e.g. "5MB", "500KB").

Description

Controls whether a function is deployed or served. When set to false, the function will be skipped during deployment and won't be served locally. This is useful for disabling demo functions or temporarily disabling a function without removing its code.

Description

By default, when you deploy your Edge Functions or serve them locally, it will reject requests without a valid JWT in the Authorization header. Setting this configuration changes the default behavior.

Note that the --no-verify-jwt flag overrides this configuration.

Description

Specify the Deno import map file to use for the Function.

Note that the --import-map flag overrides this configuration.

Description

Specify a custom entrypoint path for the function relative to the project root. When not specified, defaults to supabase/functions/<function_name>/index.ts.

Usage

1[functions.my_function]
2entrypoint = "path/to/custom/function.ts"

Description

Enable the local Logflare service.

Description

Port to the local Logflare service.

Description

Port to the local syslog ingest service.

Description

Configure one of the supported backends:

• postgres
• bigquery

Description

Automatically enable webhook features on each new created branch Note: This is an experimental feature and may change in future releases.

Description

Configures Postgres storage engine to use OrioleDB with S3 support. Note: This is an experimental feature and may change in future releases.

Description

Configures S3 bucket URL for OrioleDB storage. Format example: <bucket_name>.s3-<region>.amazonaws.com Note: This is an experimental feature and may change in future releases.

Description

Configures S3 bucket region for OrioleDB storage. Example: us-east-1 Note: This is an experimental feature and may change in future releases.

Description

Configures AWS_ACCESS_KEY_ID for S3 bucket access. DO NOT commit your AWS access key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

Description

Configures AWS_SECRET_ACCESS_KEY for S3 bucket access. DO NOT commit your AWS secret key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

Description

Enable the local InBucket service.

Description

Port to use for the email testing server web interface.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

Description

Port to use for the email testing server SMTP port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the SMTP server from this port.

Description

Port to use for the email testing server POP3 port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the POP3 server from this port.