.env · generator · Supabase
Supabase .env Generator
Supabase gives you four things per project: URL, anon key, service-role key, and JWT secret. The first two are client-safe (protected by Row Level Security). The last two are server-only and bypass RLS entirely.
.env for Supabase · 4 keys
NEXT_PUBLIC_SUPABASE_URL=https://xxxx.supabase.co NEXT_PUBLIC_SUPABASE_ANON_KEY= SUPABASE_SERVICE_ROLE_KEY= SUPABASE_JWT_SECRET=
Secrets regenerate on every page load. Want to combine stacks (e.g., Next.js + Stripe + Supabase)? Use the full generator.
How to use this .env in Supabase
- 1.Open Supabase Dashboard → Project Settings → API to find all four values.
- 2.Paste into .env.local — NEXT_PUBLIC_ prefixes mark the client-safe ones.
- 3.Ensure RLS is enabled on every public table before shipping — the anon key has read/write access otherwise.
- 4.The service-role key must never ship to the browser. Use it only in API routes and server actions.
Gotchas
- ⚠If you forget to enable RLS, anyone can read/write via the anon key. Always enable RLS first.
- ⚠Rotating the service-role key logs out every server that uses it — coordinate the deploy.
- ⚠Supabase Edge Functions read from a separate secrets vault, not your app's .env.
Common keys explained
NEXT_PUBLIC_SUPABASE_URLhttps://xxx.supabase.co — safe to expose.
NEXT_PUBLIC_SUPABASE_ANON_KEYPublic key. Safe to expose — RLS protects data.
SUPABASE_SERVICE_ROLE_KEYAdmin key. Bypasses RLS. Never prefix with NEXT_PUBLIC_.
SUPABASE_JWT_SECRETVerify or sign custom JWTs. Server-only.
Related tools
Other stacks
Node.js .env
/env-generator/nodejs
Next.js .env
/env-generator/nextjs
Django .env
/env-generator/django
Ruby on Rails .env
/env-generator/rails
React (Vite) .env
/env-generator/react
Python (FastAPI / Flask) .env
/env-generator/python
Go .env
/env-generator/go
Docker Compose .env
/env-generator/docker
Kubernetes .env
/env-generator/kubernetes
Stripe .env
/env-generator/stripe
Firebase .env
/env-generator/firebase
OpenAI .env
/env-generator/openai
Laravel .env
/env-generator/laravel