Here’s a structured and ready-to-post GitHub Feature Request:
⸻
🚀 Feature Request: Config-Based Webhook Management for Edge Functions
Summary
Currently, database webhooks in Supabase must be created either: • Manually via Supabase Studio, or • Through SQL migration files
This causes security and configuration management issues, especially when authentication tokens are required.
I propose enabling webhook configuration via the config.toml file, similar to other Supabase resources, with automatic provisioning during GitHub Actions or local CLI deploys.
⸻
❗ Current Problems
When creating webhooks through migrations, any required token (e.g. Bearer token) must be embedded in SQL.
This introduces security risks: • Tokens are stored in version control. • Token rotation becomes difficult. • Secrets management becomes inconsistent.
⸻
Webhook URLs are hardcoded in SQL migrations.
This prevents: • Environment-based configuration (dev/staging/prod) • Automatic inheritance of Edge Function URLs • Cleaner CI/CD workflows
⸻
✅ Proposed Solution
Allow webhook configuration inside config.toml.
Example:
[webhook] table = "table_name" on_action = "insert" # insert | update | delete name = "webhook_name" edge_function = "function_directory_name" jwt_enabled = true
⸻
🔧 Expected Behavior
When: • A Pull Request is opened and Supabase GitHub Actions run OR • supabase deploy is executed locally
Supabase should: 1. Automatically create/update the webhook. 2. Resolve the Edge Function URL automatically. 3. Inject the correct environment-specific URL. 4. Automatically attach the JWT/Bearer token if jwt_enabled = true. 5. Avoid storing any token inside migration files.
⸻
🎯 Benefits • 🔐 Improved security (no secrets in migrations) • 🌍 Environment-aware configuration • 🔄 Better CI/CD integration • 📦 Infrastructure-as-code consistency • 🧼 Cleaner repository history • ♻️ Easier token rotation
⸻
💡 Why This Matters
Edge Functions are increasingly used as backend logic triggered by database changes. Managing their webhooks manually or through SQL introduces friction and security concerns.
Providing first-class webhook support in config.toml would align webhook handling with other Supabase-managed resources and significantly improve developer experience.
⸻
If helpful, I’d be happy to contribute or help define a more detailed specification.
The user proposes a feature to manage webhooks for Edge Functions via the config.toml file, addressing security and configuration management issues. This would allow automatic provisioning during GitHub Actions or local CLI deploys, improving security and CI/CD workflows.