supabase-security-basics


Supabase Security Basics

Overview

Supabase exposes a Postgres database directly to the internet via PostgREST. Every table without Row Level Security enabled is fully readable and writable by anyone with your project URL and anon key — both of which are public. This skill covers the three pillars of Supabase security: key separation (anon vs service_role), RLS policy enforcement, and API surface hardening.
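An RLS audit and fix for the exposure described above, as an added example that is not part of the original skill. It assumes `public` is the only schema exposed through the API (the Supabase default); the table `public.profiles` and its `user_id` column are hypothetical.

```sql
-- 1. Audit: tables in the exposed schema with RLS disabled.
--    With the default grants, each row returned here is reachable with the anon key.
SELECT n.nspname        AS schema_name,
       c.relname        AS table_name,
       c.relrowsecurity AS rls_enabled
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'          -- assumption: only "public" is exposed
  AND c.relkind IN ('r', 'p')       -- ordinary and partitioned tables
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- 2. Audit: tables with RLS enabled but no policies.
--    These deny every anon/authenticated request, which is safe but usually
--    means a policy was forgotten.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND c.relrowsecurity
GROUP BY c.relname
HAVING count(p.oid) = 0
ORDER BY c.relname;

-- 3. Fix for one table (hypothetical public.profiles with a user_id column).
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

-- Signed-in users can read only their own row; anon gets nothing
-- because no policy names that role.
CREATE POLICY profiles_select_own ON public.profiles
  FOR SELECT TO authenticated
  USING ((SELECT auth.uid()) = user_id);

-- Updates must both target the caller's row (USING) and leave it
-- owned by the caller (WITH CHECK).
CREATE POLICY profiles_update_own ON public.profiles
  FOR UPDATE TO authenticated
  USING ((SELECT auth.uid()) = user_id)
  WITH CHECK ((SELECT auth.uid()) = user_id);

-- Note: the service_role key bypasses RLS entirely, so these policies
-- protect only requests made with the anon key or a user JWT.
```

Run the two audit queries in the SQL editor before and after applying policies; the first should return no rows once every exposed table has RLS enabled.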

Prerequisites

  • Supabase project created (local or hosted) with Dashboard access
  • @supabase/supabase-js installed (npm install @supabase/supabase-js)
  • SUPABASE_URL and SUPABASE_ANON_KEY environment variables configured
  • Basic understanding of SQL and Postgres

Instructions

Step 1 — Understand the Two API Keys

Supabase issues two keys per project. Confusing them is the most common security mistake:

First Seen: Apr 4, 2026
supabase-security-basics — jeremylongshore/claude-code-plugins-plus