Managing Environment Variables
Managing secrets and environment variables.
It's common that you will need to use sensitive information or environment-specific variables inside your Edge Functions. You can access these using Deno's built-in handler
_10Deno.env.get('MY_SECRET_NAME')
Default secrets
Edge Functions have access to these secrets by default:
SUPABASE_URL
: The API gateway for your Supabase project.SUPABASE_ANON_KEY
: Theanon
key for your Supabase API. This is safe to use in a browser when you have Row Level Security enabled.SUPABASE_SERVICE_ROLE_KEY
: Theservice_role
key for your Supabase API. This is safe to use in Edge Functions, but it should NEVER be used in a browser. This key will bypass Row Level Security.SUPABASE_DB_URL
: The URL for your PostgreSQL database. You can use this to connect directly to your database.
Local secrets
You can load environment variables in two ways:
- Through an
.env
file placed atsupabase/functions/.env
, which is automatically loaded onsupabase start
- Through the
--env-file
option forsupabase functions serve
, for example:supabase functions serve --env-file ./path/to/.env-file
Let's create a local file for storing our secrets, and inside it we can store a secret MY_NAME
:
_10echo "MY_NAME=Yoda" >> ./supabase/.env.local
This creates a new file ./supabase/.env.local
for storing your local development secrets.
Never check your .env files into Git!
Now let's access this environment variable MY_NAME
inside our Function. Anywhere in your function, add this line:
_10console.log(Deno.env.get('MY_NAME'))
Now we can invoke our function locally, by serving it with our new .env.local
file:
_10supabase functions serve --env-file ./supabase/.env.local
When the function starts you should see the name “Yoda” output to the terminal.
Production secrets
Let's create a .env
for production. In this case we'll just use the same as our local secrets:
_10cp ./supabase/.env.local ./supabase/.env
This creates a new file ./supabase/.env
for storing your production secrets.
Never check your .env
files into Git!
Let's push all the secrets from the .env
file to our remote project using supabase secrets set
:
_10supabase secrets set --env-file ./supabase/.env_10_10# You can also set secrets individually using:_10supabase secrets set MY_NAME=Chewbacca
You don't need to re-deploy after setting your secrets.
To see all the secrets which you have set remotely, use supabase secrets list
:
_10supabase secrets list