skills/supabase-postgres-best-practices
1
0
Fork 0
mirror of https://github.com/supabase/agent-skills.git synced 2026-03-27 10:09:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: correct pg_cron schema, API key types, and migration up docs

Browse Source 
- pg_cron requires pg_catalog schema, not extensions (critical fix)
- Add publishable/secret key types to Identifying Keys section
- Fix Dashboard path to Settings > API Keys
- Fix migration up comment: applies all pending, not single

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Pedro Rodrigues
2026-02-09 16:00:54 +00:00
parent afb57a74fc
commit cbfce7ac2a
3 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
skills/supabase/references/db-migrations-testing.md
View File

@@ -69,7 +69,7 @@ on conflict (id) do nothing;
## Test Specific Migration
```bash
# Apply single pending migration
# Apply all pending migrations
supabase migration up
# Check migration status

4
skills/supabase/references/db-schema-extensions.md
View File

@@ -36,8 +36,8 @@ create index idx_name_trgm on users
-- Vector similarity search (AI embeddings)
create extension if not exists vector with schema extensions;
-- Scheduled jobs
create extension if not exists pg_cron with schema extensions;
-- Scheduled jobs (pg_cron requires pg_catalog, not extensions)
create extension if not exists pg_cron with schema pg_catalog;
-- HTTP requests from database
create extension if not exists pg_net with schema extensions;

10
skills/supabase/references/db-security-service-role.md
View File

@@ -58,14 +58,16 @@ SUPABASE_SERVICE_ROLE_KEY=eyJ... # NEVER prefix with NEXT_PUBLIC_
## Identifying Keys
- **Anon key**: `role` claim is `anon`
- **Service role key**: `role` claim is `service_role`
- **Anon key**: `role` claim is `anon` (legacy)
- **Service role key**: `role` claim is `service_role` (legacy)
- **Publishable key**: Safe to expose in client-side code (newer recommended approach)
- **Secret key**: Server-only, replaces service role key (newer recommended approach)
Decode JWT at [jwt.io](https://jwt.io) to verify.
Decode JWT at [jwt.io](https://jwt.io) to verify legacy keys.
## If Service Key is Exposed
1. Immediately rotate keys in Dashboard > Settings > API
1. Immediately rotate keys in Dashboard > Settings > API Keys
2. Review database for unauthorized changes
3. Check logs for suspicious activity
4. Update all backend services with new key