Supabase JWT Secret
#
Description#
General- Documentation: https://supabase.io/docs/learn/auth-deep-dive/auth-deep-dive-jwts
- Summary: Supabase provides an assisted solution to deploy a web application backend (database and api). JWT tokens are used as a means of authentication when performing API calls. This detector aims at catching JWT secrets, these can be used to forge JWT tokens, as well as to verify existing ones.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: All JWT secrets have the same permission.
#
Revoke the secretThere currently isn't an automated way to rotate a JWT secret. If a JWT secret has been compromised, support@supabase.io can provide assistance.
#
Check for suspicious activityThis feature is not mentioned in the documentation.
Supabase jwt secret
#
Details for Family: Api
Category: Other
Company: Supabase
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.019
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r|m)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames: [] check_binaries: false- type: ContentWhitelistPreValidator patterns: - supabase
#
Examples- text: > supabase_jwt_secret: a9f198b2-efb4-40c7-91af-ab426481345d client_secret: a9f198b2-efb4-40c7-91af-ab426481345d