Edge Functions

Environment Variables

Manage sensitive data securely across environments.


Default secrets

Edge Functions have access to these secrets by default:

  • SUPABASE_URL: The API gateway for your Supabase project
  • SUPABASE_ANON_KEY: The anon key for your Supabase API. This is safe to use in a browser when you have Row Level Security enabled
  • SUPABASE_SERVICE_ROLE_KEY: The service_role key for your Supabase API. This is safe to use in Edge Functions, but it should NEVER be used in a browser. This key will bypass Row Level Security
  • SUPABASE_DB_URL: The URL for your Postgres database. You can use this to connect directly to your database

Accessing environment variables

You can access environment variables using Deno's built-in handler, and passing it the name of the environment variable you’d like to access.

1
..('NAME_OF_SECRET')

For example, in a function:

1
2
3
4
5
6
7
8
9
10
11
12
13
import { createClient } from 'npm:@supabase/supabase-js@2'// For user-facing operations (respects RLS)const supabase = createClient( Deno.env.get('SUPABASE_URL')!, Deno.env.get('SUPABASE_ANON_KEY')!)// For admin operations (bypasses RLS)const supabaseAdmin = createClient( Deno.env.get('SUPABASE_URL')!, Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!)

Local secrets

In development, you can load environment variables in two ways:

  1. Through an .env file placed at supabase/functions/.env, which is automatically loaded on supabase start
  2. Through the --env-file option for supabase functions serve. This allows you to use custom file names like .env.local to distinguish between different environments.
1
supabase functions serve --env-file .env.local

We can automatically access the secrets in our Edge Functions through Deno’s handler

1
const secretKey = Deno.env.get('STRIPE_SECRET_KEY')

Now we can invoke our function locally. If you're using the default .env file at supabase/functions/.env, it's automatically loaded:

1
supabase functions serve hello-world

Or you can specify a custom .env file with the --env-file flag:

1
supabase functions serve hello-world --env-file .env.local

This is useful for managing different environments (development, staging, etc.).


Production secrets

You will also need to set secrets for your production Edge Functions. You can do this via the Dashboard or using the CLI.

Using the Dashboard:

  1. Visit Edge Function Secrets Management page in your Dashboard.
  2. Add the Key and Value for your secret and press Save

Note that you can paste multiple secrets at a time.

Using the CLI

You can create a .env file to help deploy your secrets to production

1
2
# .envSTRIPE_SECRET_KEY=sk_live_...

You can push all the secrets from the .env file to your remote project using supabase secrets set. This makes the environment visible in the dashboard as well.

1
supabase secrets set --env-file .env

Alternatively, this command also allows you to set production secrets individually rather than storing them in a .env file.

1
supabase secrets set STRIPE_SECRET_KEY=sk_live_...

To see all the secrets which you have set remotely, you can use supabase secrets list

1
supabase secrets list