Supabase

Connect your Supabase organization to Ciphrix using a Supabase Personal Access Token (PAT) for automated compliance monitoring of your Supabase projects.

Capabilities

The Supabase integration provides the following capabilities:

✅ Compliance Checks

Automatically verify security configurations and compliance controls across your Supabase projects including:

SSL enforcement for database connections
Row Level Security (RLS) on public tables
Storage bucket public access settings
Authentication security settings including MFA, password length, anonymous sign-ins, and email confirmation
Session timeout configuration
SSO provider configuration
Daily backups and Point-in-Time Recovery (PITR)
Data API schema exposure

🔄 Import Asset

Import and track Supabase projects as assets in your Ciphrix inventory.

How to Connect Supabase

Prerequisites

Before connecting Supabase, ensure you have:

A Supabase account with access to the projects you want to monitor
Administrative access to your Supabase organization or projects
Permission to create a Supabase Personal Access Token

Important Management API Notes

Ciphrix uses the Supabase Management API for this integration.

Use a Supabase Personal Access Token from your Supabase account settings.
Do not use a Supabase project anon key.
Do not use a Supabase project service role key.
Do not use a database password or connection string.
Ciphrix uses the token to read project-level security configuration from the Supabase Management API.
Ciphrix does not use the Supabase project Data API to read table rows or application data.

Connection Instructions

Step 1: Create a Supabase Personal Access Token

Log in to Supabase
- Go to https://supabase.com/dashboard
- Sign in with the account that has access to the Supabase projects you want Ciphrix to monitor
Open Account Settings
- Click your profile/avatar menu in the Supabase dashboard
- Open Account Settings
- Navigate to Access Tokens
Generate a New Token
- Click Generate new token
- Enter a descriptive token name such as Ciphrix Compliance Monitoring
- Generate the token
Copy and Store the Token Securely
- Copy the token value immediately
- Supabase may only show the token once
- Store it securely until you add it to Ciphrix

Step 2: Initiate Supabase Connection in Ciphrix

You have two options to initiate the Supabase connection:

Option A: From Integration Library (Recommended)

Navigate to Integration Library
- Log in to ciphrix.app
- Go to Integrations in the sidebar
- Go to the Integration Library tab
- Search for or browse to Supabase
Connect Supabase
- Click the Connect button on the Supabase integration tile
- A connection form will appear

Option B: From Create Connection

Navigate to Create Connection
- Log in to ciphrix.app
- Go to Integrations in the sidebar
- Click Create Connection
Select Supabase
- From the connection provider dropdown, select Supabase
- A connection form will appear

Step 3: Fill Connection Details

Enter Connection Information
- Connection Name: Enter a friendly name for this connection
  - Example: "Production Supabase"
  - Example: "Engineering Supabase Projects"
  - Example: "Main Supabase Organization"
- Connection Identifier: Enter a clear identifier for this Supabase connection
  - Example: your Supabase organization slug
  - Example: your team or environment name
- Access Token: Paste the Supabase Personal Access Token created in Step 1
- Select Items: Select the Supabase capabilities in Ciphrix you want to enable. Compliance checks are enabled by default
Create Connection
- Click Create or Save
- Wait for the connection to be validated

Step 4: Verify Connection

Check Connection Status
- After creating the connection, you'll see the integration status
- Status should show Connected or Active
Initial Scan
- Ciphrix will automatically begin scanning your Supabase projects
- Ciphrix scans your environment once a week
- You can contact support@ciphrix.com to know your next scan date
- Compliance checks will run automatically
View Results
- Navigate to Monitoring
- View compliance check results and findings for your Supabase projects
- If asset import is enabled, navigate to Assets to view imported Supabase project assets

Permissions and Data Access

The Supabase PAT must allow Ciphrix to read Supabase Management API configuration for the projects available to the token owner.

Ciphrix uses Management API access to review:

Project inventory and project metadata
Database SSL enforcement settings
Public table RLS configuration through Supabase Management API read-only database query endpoints
Storage bucket public/private configuration
Auth configuration including MFA, password, anonymous sign-in, email confirmation, sessions, and SSO settings
Backup and PITR configuration
PostgREST/Data API schema exposure settings

Ciphrix does not require or use:

Supabase anon keys
Supabase service role keys
Direct database credentials
Application table data access through the project Data API
Write access to modify Supabase project configuration

Managing the Integration

Rotating the Personal Access Token

To rotate the token used by Ciphrix:

Create a new Supabase Personal Access Token in Supabase Account Settings
Go to Integrations in Ciphrix
Open the existing Supabase connection
Update the saved access token
Save the connection
Revoke the old token in Supabase after confirming the new token works

Revoking Access

To revoke Ciphrix's access to Supabase:

Go to Supabase Account Settings
Navigate to Access Tokens
Find the token created for Ciphrix
Revoke or delete the token
In Ciphrix, disable or delete the Supabase connection

Note: Revoking the Supabase PAT will prevent future Supabase scans from completing successfully.

Troubleshooting

Connection Failed

Issue: Ciphrix cannot validate the Supabase connection

Confirm you pasted a Supabase Personal Access Token, not an anon key or service role key
Confirm the token has not expired or been revoked
Confirm the Supabase account that created the token has access to the projects you want to monitor
Create a new token and try again if the token value may have been copied incorrectly

No Projects Found

Issue: The connection succeeds but no Supabase projects appear in results

Confirm the Supabase account that created the token has access to the expected organization and projects
Confirm the projects are active in Supabase
If projects belong to another Supabase organization, create the PAT from an account with access to that organization

No Compliance Data Appearing

Issue: Integration connected but no compliance data is visible for more than 7 days

Confirm the connection status is Active in Ciphrix
Confirm the Supabase token is still valid
Contact Ciphrix Support at support@ciphrix.com

Token Was Exposed

Issue: The Supabase PAT may have been shared or exposed

Revoke the token immediately in Supabase Account Settings
Create a new Supabase PAT
Update the Supabase connection in Ciphrix with the new token

Support

Need help with Supabase integration?

Email: support@ciphrix.com
Supabase Token Issues: Verify your Personal Access Token in Supabase Account Settings

Capabilities​

✅ Compliance Checks​

🔄 Import Asset​

How to Connect Supabase​

Prerequisites​

Important Management API Notes​

Connection Instructions​

Step 1: Create a Supabase Personal Access Token​

Step 2: Initiate Supabase Connection in Ciphrix​

Option A: From Integration Library (Recommended)​

Option B: From Create Connection​

Step 3: Fill Connection Details​

Step 4: Verify Connection​

Permissions and Data Access​

Managing the Integration​

Rotating the Personal Access Token​

Revoking Access​

Troubleshooting​

Connection Failed​

No Projects Found​

No Compliance Data Appearing​

Token Was Exposed​

Support​