Interface SupabaseEnv

Resolved Supabase environment configuration.

Holds the project URL, API keys, and JWKS needed by every other primitive. Typically resolved automatically from environment variables by resolveEnv, but can be passed explicitly via the env option.

See

resolveEnv for how each field maps to environment variables.

interface SupabaseEnv {
    url: string;
    publishableKeys: Record<string, string>;
    secretKeys: Record<string, string>;
    jwks: JsonWebKeySet | URL | null;
}

Index

Properties

url publishableKeys secretKeys jwks

Properties

url

url: string

Supabase project URL (e.g. "https://<ref>.supabase.co"). Sourced from SUPABASE_URL.

publishableKeys

publishableKeys: Record<string, string>

Named publishable keys. Sourced from SUPABASE_PUBLISHABLE_KEYS (JSON object) or SUPABASE_PUBLISHABLE_KEY (single key, stored as { default: "<value>" }).

secretKeys

secretKeys: Record<string, string>

Named secret keys. Sourced from SUPABASE_SECRET_KEYS (JSON object) or SUPABASE_SECRET_KEY (single key, stored as { default: "<value>" }).

jwks

jwks: JsonWebKeySet | URL | null

JWKS source used for JWT verification.

Sourced from one of (in priority order):

SUPABASE_JWKS — inline JSON. Resolves to a JsonWebKeySet.
SUPABASE_JWKS_URL — remote endpoint. Resolves to a URL; keys are fetched lazily and cached in memory (cooldown / max-age handled by jose). https:// is always accepted; plain http:// is accepted only for loopback hosts (localhost, 127.0.0.0/8, ::1) to support the Supabase CLI. Any other http:// URL is rejected to prevent MITM swap-in of a forged signing key.

null when no JWKS is configured (JWT verification will be unavailable). Each env var is authoritative when set: a malformed value resolves to null rather than falling through to the other variable.

Interface SupabaseEnv

See

Index

Properties

Properties

url

publishableKeys

secretKeys

jwks

Settings

On This Page