Supabase db pull command gives dump file with database triggers making http request with jwt token #36373

SadmanYasar · 2025-06-12T18:52:28Z

SadmanYasar
Jun 12, 2025

Hi. I am currently facing an issue where the migration file with database triggers that call an edge function with jwt token is included.

The line in migration file:

CREATE OR REPLACE TRIGGER "TRIGGER NAME" AFTER INSERT OR UPDATE ON "public"."table name" FOR EACH ROW EXECUTE FUNCTION "supabase_functions"."http_request"('https://URL/functions/v1/NAME OF FUNCTION', 'POST', '{"Content-type":"application/json","Authorization":"Bearer TOKEN INCLUDED HERE"}', '{}', '5000');

Making the repository public means this key is exposed and becomes a security issue. What can be done to still include the trigger code but hide or remove the token from the migration file? I may be wrong but can the token be passed as environment variable in the migration? Or should the migration files be kept private in this case? TIA.

SirFrey · 2025-12-05T20:36:32Z

SirFrey
Dec 5, 2025

could you do something?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Supabase

Supabase db pull command gives dump file with database triggers making http request with jwt token #36373

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Supabase

Supabase db pull command gives dump file with database triggers making http request with jwt token #36373

Uh oh!

Uh oh!

SadmanYasar Jun 12, 2025

Replies: 1 comment

Uh oh!

SirFrey Dec 5, 2025

SadmanYasar
Jun 12, 2025

SirFrey
Dec 5, 2025