Cloud
Connect Supabase
Authenticates a personal access token against the Supabase Management API and reads each project's security advisors (RLS, exposed tables, auth) plus the Postgres version to feed Security Readiness, Cloud Health, and the Lifecycle (EOL) inventory.
What it pulls
Projects (count + health status), each project's security-advisor lints by severity (ERROR→high, WARN→medium) as findings, and the Postgres engine version per project for the End-of-Life inventory. Advisor counts drive Security Readiness; a derived posture + project-health ratio feed Cloud Health.
What you’ll enter
The exact fields the connect form asks for — and where to find each value.
- Personal access token
- supabase.com/dashboard/account/tokens → Generate new token → copy the sbp_… value (shown once). Supabase PATs carry your account's access — the connector only reads projects + advisors (GET only). Treat it as sensitive.
- Project ref (optional — limits the sync to one project)
- Leave blank to scan every project the token can see. To limit it, paste a project ref from Project Settings → General (or the …/project/<ref> URL).
Step-by-step setup
- 1
Generate a personal access token
Open the link above (supabase.com/dashboard/account/tokens) → Generate new token. Name it “ShipReady Metrics” and set a short expiration.
- 2
Copy the token
Copy the sbp_… value now — Supabase shows it only once.
- 3
Limit to one project (optional)
Leave the project ref blank to scan every project the token can see. To limit it, paste a project ref from Project Settings → General (or the …/project/<ref> URL).
- 4
Paste the token and connect
Enter the token in Personal access token and click Connect. We validate it live, encrypt it at rest, read your security advisors, and run the first sync.
Troubleshooting
- Token rejected (401).
- Create a personal access token at supabase.com/dashboard/account/tokens and paste the sbp_… value (shown once). Project API keys (anon/service_role) do NOT work here — the Management API needs a personal access token.
- Access denied (403) for a project.
- The token's account must be a member of the project's organization. Use a token from an account with access, or set the project ref to one the account can see.
- Security Readiness shows “not measured” after connecting.
- Advisors couldn't be read for any scanned project — the connector deliberately scores nothing rather than report a false clean bill. Confirm the account has access and retry Sync now.
Connect with a personal access token — validated live against the Management API (GET /v1/projects), encrypted at rest, then synced. Token connect + sync implemented and mocked-fetch tested against the Supabase Management API; full ingestion runs once a token is provided. If advisors can't be read, nothing is scored (no fabricated clean bill of health).