fix: correct pg_cron schema, API key types, and migration up docs

- pg_cron requires pg_catalog schema, not extensions (critical fix)
- Add publishable/secret key types to Identifying Keys section
- Fix Dashboard path to Settings > API Keys
- Fix migration up comment: applies all pending, not single

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pedro Rodrigues
2026-02-09 16:00:54 +00:00
parent afb57a74fc
commit cbfce7ac2a
3 changed files with 9 additions and 7 deletions


@@ -69,7 +69,7 @@ on conflict (id) do nothing;
## Test Specific Migration ## Test Specific Migration
```bash ```bash
# Apply single pending migration # Apply all pending migrations
supabase migration up supabase migration up
# Check migration status # Check migration status
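Review bot: The heading above the corrected comment still reads "## Test Specific Migration", which now contradicts the comment "# Apply all pending migrations" directly beneath it. Either rename the heading to match what `supabase migration up` does, or keep the heading and add the step that actually narrows the run to one migration, so readers do not assume the command is scoped to a single file.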


@@ -36,8 +36,8 @@ create index idx_name_trgm on users
-- Vector similarity search (AI embeddings) -- Vector similarity search (AI embeddings)
create extension if not exists vector with schema extensions; create extension if not exists vector with schema extensions;
-- Scheduled jobs -- Scheduled jobs (pg_cron requires pg_catalog, not extensions)
create extension if not exists pg_cron with schema extensions; create extension if not exists pg_cron with schema pg_catalog;
-- HTTP requests from database -- HTTP requests from database
create extension if not exists pg_net with schema extensions; create extension if not exists pg_net with schema extensions;


@@ -58,14 +58,16 @@ SUPABASE_SERVICE_ROLE_KEY=eyJ... # NEVER prefix with NEXT_PUBLIC_
## Identifying Keys ## Identifying Keys
- **Anon key**: `role` claim is `anon` - **Anon key**: `role` claim is `anon` (legacy)
- **Service role key**: `role` claim is `service_role` - **Service role key**: `role` claim is `service_role` (legacy)
- **Publishable key**: Safe to expose in client-side code (newer recommended approach)
- **Secret key**: Server-only, replaces service role key (newer recommended approach)
Decode JWT at [jwt.io](https://jwt.io) to verify. Decode JWT at [jwt.io](https://jwt.io) to verify legacy keys.
## If Service Key is Exposed ## If Service Key is Exposed
1. Immediately rotate keys in Dashboard > Settings > API 1. Immediately rotate keys in Dashboard > Settings > API Keys
2. Review database for unauthorized changes 2. Review database for unauthorized changes
3. Check logs for suspicious activity 3. Check logs for suspicious activity
4. Update all backend services with new key 4. Update all backend services with new key
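Review bot: The two added bullets under "## Identifying Keys" describe where publishable and secret keys may be used, but not how to recognise them, while the legacy bullets identify a key by its `role` claim and the closing sentence now limits JWT decoding to legacy keys. Add the distinguishing property of the new key types (for example their format) so the section still answers its own heading. Also, the "## If Service Key is Exposed" heading and step 4 ("new key") still refer only to the service key even though the new bullet says the secret key replaces it; state that the rotation steps apply to an exposed secret key as well.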