Supabase Service Role JWT
Description
General
- Documentation: https://supabase.io/docs/learn/auth-deep-dive/auth-deep-dive-jwts
- Summary: Supabase provides an assisted solution to deploy a web application backend (database and API). JWTs are used to authenticate API calls. This detector catches service role JWTs, which have admin rights over the whole database.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: All service role JWT tokens have admin rights over the account.
Revoke the secret
There is currently no automated way to rotate a JWT. If a JWT has been compromised, support@supabase.io can provide assistance.
Check for suspicious activity
This feature is not mentioned in the documentation.
Details for Supabase service role jwt
Family: Api
Category: Data storage
Company: Supabase
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 4.86
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - supabase
Examples
- text: >
    supabase_service_role_jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjMzNjIwMTcxLCJleHAiOjIyMDg5ODUyMDB9.pHnckabbMbwTHAJOkb5Z7G7B4chY6GllJf6K2m96z3A
  token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjMzNjIwMTcxLCJleHAiOjIyMDg5ODUyMDB9.pHnckabbMbwTHAJOkb5Z7G7B4chY6GllJf6K2m96z3A
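A sketch of how a scanner can pick out service role tokens such as the example above, added here for illustration and not the detector's actual implementation. It assumes the match rule is "JWT whose payload has role == service_role, in content that mentions supabase" (the latter mirrors the ContentWhitelistPreValidator); the function and constant names are hypothetical.

```python
import base64
import json
import re

# A JWT is three base64url segments; JSON header and payload both encode to "eyJ...".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

# Sample input: the example token shown on this page.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
    ".eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjMzNjIwMTcxLCJleHAiOjIyMDg5ODUyMDB9"
    ".pHnckabbMbwTHAJOkb5Z7G7B4chY6GllJf6K2m96z3A"
)
SAMPLE = "supabase_service_role_jwt: " + PAGE_TOKEN


def decode_segment(segment):
    """Decode one base64url JWT segment to a dict, or None if it is not a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)  # JWTs strip base64 padding
    try:
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def find_service_role_jwts(text):
    """Return JWTs in `text` whose payload carries role == "service_role".

    Content that never mentions "supabase" is skipped (assumed context rule).
    The signature is not verified, so hits are candidates, not confirmed secrets.
    """
    if "supabase" not in text.lower():
        return []
    hits = []
    for match in JWT_RE.finditer(text):
        payload = decode_segment(match.group(0).split(".")[1])
        if payload and payload.get("role") == "service_role":
            hits.append(match.group(0))
    return hits


if __name__ == "__main__":
    for hit in find_service_role_jwts(SAMPLE):
        print("service role JWT candidate:", hit[:20] + "...")
```

Checking the decoded `role` claim is what lets a scanner skip other tokens that have the same JWT shape.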