Supabase Security Basics

Overview

Supabase exposes a Postgres database directly to the internet via PostgREST. Every table without Row Level Security enabled is fully readable and writable by anyone with your project URL and anon key — both of which are public. This skill covers the three pillars of Supabase security: key separation (anon vs service_role), RLS policy enforcement, and API surface hardening.

Prerequisites

Supabase project created (local or hosted) with Dashboard access
@supabase/supabase-js installed (npm install @supabase/supabase-js)
SUPABASE_URL and SUPABASE_ANON_KEY environment variables configured
Basic understanding of SQL and Postgres

Instructions

Step 1 — Understand the Two API Keys

Supabase issues two keys per project. Confusing them is the most common security mistake:

Related skills

More from jeremylongshore/claude-code-plugins-plus-skills

Installs

Repository

jeremylongshore…s-skills

GitHub Stars

2.2K

First Seen

Jan 24, 2026

Security Audits

Gen Agent Trust HubPass

SocketPass

SnykPass

supabase-security-basics

Supabase Security Basics

Overview

Prerequisites

Instructions

Step 1 — Understand the Two API Keys

More from jeremylongshore/claude-code-plugins-plus-skills

backtesting-trading-strategies

mindmap-generator

svg-icon-generator

performance-lighthouse-runner

tracking-crypto-prices

d2-diagram-creator