Home

CLI configuration

A config.toml file is generated after running supabase init.

This file is located in the supabase folder under supabase/config.toml.

general

project_id#

A string used to distinguish different Supabase projects on the same host. Defaults to the working directory name when running supabase init.

Required: true
Default:None

auth

auth.site_url#

The base URL of your website. Used as an allow-list for redirects and for constructing URLs used in emails.

Required: true
Default:"http://localhost:3000"

auth.additional_redirect_urls#

A list of exact URLs that auth providers are permitted to redirect to post authentication.

Required: true
Default:["https://localhost:3000"]

auth.jwt_expiry#

How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 seconds (one week).

Required: true
Default:3600

auth.enable_signup#

Allow/disallow new user signups to your project.

Required: true
Default:true

auth.email.enable_signup#

Allow/disallow new user signups via email to your project.

Required: true
Default:true

auth.email.double_confirm_changes#

If enabled, a user will be required to confirm any email change on both the old, and new email addresses. If disabled, only the new email is required to confirm.

Required: true
Default:true

auth.email.enable_confirmations#

If enabled, users need to confirm their email address before signing in.

Required: true
Default:true

auth.external.<provider>.enabled#

Use an external OAuth provider. The full list of providers are:

  • apple
  • azure
  • bitbucket
  • discord
  • facebook
  • github
  • gitlab
  • google
  • twitch
  • twitter
  • slack
  • spotify

Required: true
Default:true

auth.external.<provider>.client_id#

Client ID for the external OAuth provider.

Required: true
Default:None

auth.external.<provider>.secret#

Client secret for the external OAuth provider.

Required: true
Default:None

auth.external.<provider>.url#

The base URL used for constructing the URLs to request authorization and access tokens. Used by gitlab and keycloak. For gitlab it defaults to https://gitlab.com. For keycloak you need to set this to your instance, for example: https://keycloak.example.com/realms/myrealm .

Required: false
Default:""

auth.external.<provider>.redirect_uri#

The URI a OAuth2 provider will redirect to with the code and state values.

Required: false
Default:""

api

api.port#

Port to use for the API URL.

Required: true
Default:None

api.schemas#

Schemas to expose in your API. Tables, views and functions in this schema will get API endpoints. public and storage are always included.

Required: false
Default:["public", "storage", "graphql_public"]

api.extra_search_path#

Extra schemas to add to the search_path of every request. public is always included.

Required: false
Default:["public"]

api.max_rows#

The maximum number of rows returned from a view, table, or stored procedure. Limits payload size for accidental or malicious requests.

Required: false
Default:1000

database

db.port#

Port to use for the local database URL.

Required: true
Default:None

db.shadow_port#

Port to use for the local shadow database.

Required: false
Default:54320

db.major_version#

The database major version to use. This has to be the same as your remote database's. Run SHOW server_version; on the remote database to check.

Required: true
Default:14

dashboard

studio.port#

Port to use for Supabase Studio.

Required: true
Default:None

local

inbucket.port#

Port to use for the email testing server web interface.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

Required: true
Default:None

inbucket.smtp_port#

Port to use for the email testing server SMTP port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the SMTP server from this port.

Required: false
Default:None

inbucket.pop3_port#

Port to use for the email testing server POP3 port.

Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

If set, you can access the POP3 server from this port.

Required: false
Default:None

storage.file_size_limit#

The maximum file size allowed (e.g. "5MB", "500KB").

Required: false
Default:None

edge-functions

functions.<function_name>.verify_jwt#

By default, when you deploy your Edge Functions or serve them locally, it will reject requests without a valid JWT in the Authorization header. Setting this configuration changes the default behavior.

Note that the --no-verify-jwt flag overrides this configuration.

Required: false
Default:true

functions.<function_name>.import_map#

Specify the Deno import map file to use for the Function.

Note that the --import-map flag overrides this configuration.

Required: false
Default:None
Need some help?

Not to worry, our specialist engineers are here to help. Submit a support ticket through the Dashboard.