Skip to main content

Supabase JWT Secret



  • Documentation:
  • Summary: Supabase provides an assisted solution to deploy a web application backend (database and API). JWT tokens are used as a means of authentication when performing API calls. This detector aims at catching JWT secrets, these can be used to forge JWT tokens, as well as to verify existing ones.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: All JWT secrets have the same permission.

Revoke the secret

There currently isn't an automated way to rotate a JWT secret. If a JWT secret has been compromised, can provide assistance.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for Supabase jwt secret

  • Family: Api

  • Category: Data storage

  • Company: Supabase

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.019

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
- supabase


- text: |
supabase_jwt_secret: a9f198b2-efb4-40c7-91af-ab446581309d
client_secret: a9f198b2-efb4-40c7-91af-ab446581309d

How can I help you ?