
Supabase Security Checklist

Use this checklist to ensure your Supabase application is secure before launch. 6 critical items require immediate attention.

15 total items | 6 critical | 8 auto-scanned

Row Level Security

- [critical, auto-scanned] Enable RLS on all tables: ALTER TABLE x ENABLE ROW LEVEL SECURITY;
- [critical, auto-scanned] Write SELECT policies: Control who can read data
- [critical, auto-scanned] Write INSERT policies: Control who can create data
- [critical, auto-scanned] Write UPDATE policies: Control who can modify data
- [critical, auto-scanned] Write DELETE policies: Control who can remove data
- [medium] Use (select auth.uid()) pattern: Performance optimization for RLS

Key Security

- [high] Anon key in frontend only: This key is public by design
- [critical, auto-scanned] Service role key server-only: Never expose in client code
- [high] Rotate keys if exposed: Generate new keys in dashboard

Functions & RPCs

- [high] Auth check in functions: Verify auth.uid() in RPC functions
- [high] SECURITY DEFINER caution: Understand implications of elevated privileges
- [medium] Input validation: Validate parameters in functions

Authentication

- [high, auto-scanned] Enable email confirmation: Require email verification
- [medium, auto-scanned] Configure password policy: Set minimum requirements
- [high] Set up rate limiting: Protect against brute force

Don't Check Manually

VAS automatically checks 8 of these 15 items. Get instant results with detailed remediation guidance.
