Supabase CLI config

Description

A string used to distinguish different Supabase projects on the same host. Defaults to the working directory name when running supabase init.

Description

Enable the local GoTrue service.

Description

The base URL of your website. Used as an allow-list for redirects and for constructing URLs used in emails.

Description

A list of exact URLs that auth providers are permitted to redirect to post authentication.

Description

How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 seconds (one week).

Description

Allow testing manual linking of accounts

Description

If disabled, the refresh token will never expire.

Description

Allows refresh tokens to be reused after expiry, up to the specified interval in seconds. Requires enable_refresh_token_rotation = true.

Description

Number of emails that can be sent per hour. Requires auth.email.smtp to be enabled.

Description

Number of SMS messages that can be sent per hour. Requires auth.sms to be enabled.

Description

Number of anonymous sign-ins that can be made per hour per IP address. Requires enable_anonymous_sign_ins = true.

Description

Number of sessions that can be refreshed in a 5 minute interval per IP address.

Description

Number of sign up and sign-in requests that can be made in a 5 minute interval per IP address (excludes anonymous users).

Description

Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.

Description

Allow/disallow new user signups to your project.

Description

Allow/disallow anonymous sign-ins to your project.

Description

Allow/disallow new user signups via email to your project.

Description

If enabled, a user will be required to confirm any email change on both the old, and new email addresses. If disabled, only the new email is required to confirm.

Description

If enabled, users need to confirm their email address before signing in.

Description

If enabled, requires the user's current password to be provided when changing to a new password.

Description

The minimum amount of time that must pass between email requests. Helps prevent email spam by limiting how frequently emails can be sent. Example values: "1m", "1h", "24h"

Description

The length of the OTP code to be sent in emails. Must be between 6 and 10 digits.

Description

The expiry time for an OTP code in seconds. Default is 3600 seconds (1 hour).

Description

Hostname or IP address of the SMTP server.

Description

Port number of the SMTP server.

Description

Username for authenticating with the SMTP server.

Description

Password for authenticating with the SMTP server.

Description

Email used as the sender for emails sent from the application.

Description

Display name used as the sender for emails sent from the application.

Description

The full list of email template types are:

• invite
• confirmation
• recovery
• magic_link
• email_change

Description

The full list of email template types are:

• invite
• confirmation
• recovery
• magic_link
• email_change

Description

Allow/disallow new user signups via SMS to your project.

Description

If enabled, users need to confirm their phone number before signing in.

Description

Use pre-defined map of phone number to OTP for testing.

Usage

1[auth.sms.test_otp]
24152127777 = "123456"

Description

Use an external SMS provider. The full list of providers are:

• twilio
• twilio_verify
• messagebird
• textlocal
• vonage

Description

Twilio Account SID

Description

Twilio Message Service SID

Description

Twilio Auth Token

DO NOT commit your Twilio auth token to git. Use environment variable substitution instead.

Description

MessageBird Originator

Description

MessageBird Access Key

DO NOT commit your MessageBird access key to git. Use environment variable substitution instead.

Description

TextLocal Sender

Description

TextLocal API Key

DO NOT commit your TextLocal API key to git. Use environment variable substitution instead.

Description

Vonage From

Description

Vonage API Key

Description

Vonage API Secret

DO NOT commit your Vonage API secret to git. Use environment variable substitution instead.

Description

Use an external OAuth provider. The full list of providers are:

• apple
• azure
• bitbucket
• discord
• facebook
• github
• gitlab
• google
• kakao
• keycloak
• linkedin_oidc
• notion
• twitch
• twitter
• slack_oidc
• spotify
• workos
• zoom

Description

Client ID for the external OAuth provider.

Description

Client secret for the external OAuth provider.

DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead.

Description

The base URL used for constructing the URLs to request authorization and access tokens. Used by gitlab and keycloak. For gitlab it defaults to https://gitlab.com. For keycloak you need to set this to your instance, for example: https://keycloak.example.com/realms/myrealm .

Description

The URI a OAuth2 provider will redirect to with the code and state values.

Description

Disables nonce validation during OIDC authentication flow for the specified provider. Enable only when client libraries cannot properly handle nonce verification. Be aware that this reduces security by allowing potential replay attacks with stolen ID tokens.

Description

Enable Auth Hook. Possible values for hook_name are: custom_access_token, send_sms, send_email, mfa_verification_attempt, and password_verification_attempt.

Description

URI of hook to invoke. Should be a http or https function or Postgres function taking the form: pg-functions://<database>/<schema>/<function-name>. For example, pg-functions://postgres/auth/custom-access-token-hook.

Description

Configure when using a HTTP Hooks. Takes a list of base64 comma separated values to allow for secret rotation. Currently, Supabase Auth uses only the first value in the list.

Description

Enable TOTP enrollment for multi-factor authentication.

Description

Enable TOTP verification for multi-factor authentication.

Description

Control how many MFA factors can be enrolled at once per user.

Description

Enable Phone enrollment for multi-factor authentication.

Description

Length of OTP code sent when using phone multi-factor authentication

Description

The minimum amount of time that must pass between phone requests. Helps prevent spam by limiting how frequently messages can be sent. Example values: "10s", "20s", "1m"

Description

Length of OTP sent when using phone multi-factor authentication

Description

Enable Phone verification for multi-factor authentication.

Description

Enable WebAuthn enrollment for multi-factor authentication.

Description

Enable WebAuthn verification for multi-factor authentication.

Description

Force log out after the specified duration. Sample values include: '50m', '20h'.

Description

Force log out if the user has been inactive longer than the specified duration. Sample values include: '50m', '20h'.

Description

Enable third party auth with AWS Cognito (Amplify)

Description

User Pool ID for AWS Cognito (Amplify) that you are integrating with

Description

User Pool region for AWS Cognito (Amplify) that you are integrating with. Example values: 'ap-southeast-1', 'us-east-1'

Description

Enable third party auth with Auth0

Description

Tenant Identifier for Auth0 instance that you are integrating with

Description

Tenant region for Auth0 instance that you are integrating with

Description

Enable third party auth with Firebase

Description

Project ID for Firebase instance that you are integrating with

Description

Enable the local PostgREST service.

Description

Port to use for the API URL.

Usage

1[api]
2port = 54321

Description

Schemas to expose in your API. Tables, views and functions in this schema will get API endpoints. public and storage are always included.

Description

Extra schemas to add to the search_path of every request. public is always included.

Description

The maximum number of rows returned from a view, table, or stored procedure. Limits payload size for accidental or malicious requests.

Description

Port to use for the local database URL.

Description

Port to use for the local shadow database.

Description

The database major version to use. This has to be the same as your remote database's. Run SHOW server_version; on the remote database to check.

Description

Enable the local PgBouncer service.

Description

Port to use for the local connection pooler.

Description

Specifies when a server connection can be reused by other clients. Configure one of the supported pooler modes: transaction, session.

Description

How many server connections to allow per user/database pair.

Description

Sets the planner's assumption about the effective size of the disk cache. This is a query planner parameter that doesn't affect actual memory allocation.

Description

Specifies the amount of memory to be used by logical decoding, before writing data to local disk.

Description

Specifies the maximum amount of memory to be used by maintenance operations, such as VACUUM, CREATE INDEX, and ALTER TABLE ADD FOREIGN KEY.

Description

Determines the maximum number of concurrent connections to the database server. Note: Changing this parameter requires a database restart.

Description

Controls the average number of object locks allocated for each transaction. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of parallel workers that can be started by a single utility command.

Description

Sets the maximum number of parallel workers that the system can support. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of parallel workers that can be started by a single Gather or Gather Merge node.

Description

Specifies the maximum number of replication slots that the server can support. Note: Changing this parameter requires a database restart.

Description

Specifies the maximum size of WAL files that replication slots are allowed to retain in the pg_wal directory.

Description

Sets the maximum delay before canceling queries when a hot standby server is processing archived WAL data.

Description

Sets the maximum delay before canceling queries when a hot standby server is processing streamed WAL data.

Description

Sets the maximum size of WAL files that the system will keep in the pg_wal directory.

Description

Specifies the maximum number of concurrent connections from standby servers or streaming base backup clients. Note: Changing this parameter requires a database restart.

Description

Sets the maximum number of background processes that the system can support. Note: Changing this parameter requires a database restart.

Description

Controls whether triggers and rewrite rules are enabled. Valid values are: "origin", "replica", or "local".

Description

Sets the amount of memory the database server uses for shared memory buffers. Note: Changing this parameter requires a database restart.

Description

Abort any statement that takes more than the specified amount of time.

Description

Sets the maximum size of the query string that will be tracked in pg_stat_activity.current_query field. Note: Changing this parameter requires a database restart.

Description

Record commit time of transactions. Note: Changing this parameter requires a database restart.

Description

Specifies the minimum size of past log file segments kept in the pg_wal directory.

Description

Terminate replication connections that are inactive for longer than this amount of time.

Description

Specifies the amount of memory to be used by internal sort operations and hash tables before writing to temporary disk files.

Description

Maximum number of client connections allowed.

Description

Enables running seeds when starting or resetting the database.

Description

An array of files or glob patterns to find seeds in.

Description

Enable the local Supabase Studio dashboard.

Description

Port to use for Supabase Studio.

Description

External URL of the API server that frontend connects to.

Description

OpenAI API key used for AI features in the Studio dashboard. DO NOT commit your OpenAI API key to git. Use environment variable substitution instead.

Description

Enable the local Realtime service.

Description

Bind realtime via either IPv4 or IPv6. (default: IPv6)

Description

Enable the local Storage service.

Description

The maximum file size allowed for all buckets in the project.

Description

Enable public access to the bucket.

Description

The maximum file size allowed (e.g. "5MB", "500KB").

Description

The list of allowed MIME types for objects in the bucket.

Description

The local directory to upload objects to the bucket.

Description

Enable the local Edge Runtime service for Edge Functions.

Description

Configure the request handling policy for Edge Functions. Available options:

• oneshot: Recommended for development with hot reload support
• per_worker: Recommended for load testing scenarios

Description

Port to attach the Chrome inspector for debugging Edge Functions.

Description

Controls whether a function is deployed or served. When set to false, the function will be skipped during deployment and won't be served locally. This is useful for disabling demo functions or temporarily disabling a function without removing its code.

Description

By default, when you deploy your Edge Functions or serve them locally, it will reject requests without a valid JWT in the Authorization header. Setting this configuration changes the default behavior.

Note that the --no-verify-jwt flag overrides this configuration.

Description

Specify the Deno import map file to use for the Function. When not specified, defaults to supabase/functions/<function_name>/deno.json.

Note that the --import-map flag overrides this configuration.

Description

Specify a custom entrypoint path for the function relative to the project root. When not specified, defaults to supabase/functions/<function_name>/index.ts.

Usage

1[functions.my_function]
2entrypoint = "path/to/custom/function.ts"

Description

Specify an array of static files to be bundled with the function. Supports glob patterns.

NOTE: only file paths within functions directory are supported at the moment.

Usage

1[functions.my_function]
2static_files = [ "./functions/MY_FUNCTION_NAME/*.html", "./functions/MY_FUNCTION_NAME/custom.wasm" ]

Description

Enable the local Logflare service.

Description

Port to the local Logflare service.

Description

Port to the local syslog ingest service.

Description

Configure one of the supported backends:

• postgres
• bigquery

Description

Automatically enable webhook features on each new created branch Note: This is an experimental feature and may change in future releases.

Description

Configures Postgres storage engine to use OrioleDB with S3 support. Note: This is an experimental feature and may change in future releases.

Description

Configures S3 bucket URL for OrioleDB storage. Format example: <bucket_name>.s3-<region>.amazonaws.com Note: This is an experimental feature and may change in future releases.

Description

Configures S3 bucket region for OrioleDB storage. Example: us-east-1 Note: This is an experimental feature and may change in future releases.

Description

Configures AWS_ACCESS_KEY_ID for S3 bucket access. DO NOT commit your AWS access key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

Description

Configures AWS_SECRET_ACCESS_KEY for S3 bucket access. DO NOT commit your AWS secret key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

Description

Enable the local InBucket service.

Description

Port to use for the email testing server web interface.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

Description

Port to use for the email testing server SMTP port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the SMTP server from this port.

Description

Port to use for the email testing server POP3 port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the POP3 server from this port.

Description

Email used as the sender for emails sent from the application.

Description

Display name used as the sender for emails sent from the application.

Description

The project reference ID for a specific persistent Supabase branch. This ID is used to configure branch-specific settings in your config.toml file for branches deployments. All other configuration options available in the root config are also supported in the remotes block. For example, you can specify branch-specific database settings like so:

Usage

1[remotes.<branch_name>]
2project_id = "your-project-ref"
3
4[remotes.<branch_name>.db.seed]
5sql_paths = ["./seeds/staging.sql"]