Managing config and secrets

The Supabase CLI uses a config.toml file to manage local configuration. This file is located in the supabase directory of your project.

Config reference

The config.toml file is automatically created when you run supabase init.

There are a wide variety of options available, which can be found in the CLI Config Reference.

For example, to enable the "Apple" OAuth provider for local development, you can append the following information to config.toml:


_10[auth.external.apple]
_10enabled = false
_10client_id = ""
_10secret = ""
_10redirect_uri = "" # Overrides the default auth redirectUrl.

Using secrets inside config.toml

You can reference environment variables within the config.toml file using the env() function. This will detect any values stored in an .env file at the root of your project directory. This is particularly useful for storing sensitive information like API keys, and any other values that you don't want to check into version control.


_10.
_10├── .env
_10├── .env.example
_10└── supabase
_10    └── config.toml

Do NOT commit your .env into git. Be sure to configure your .gitignore to exclude this file.

For example, if your .env contained the following values:


_10GITHUB_CLIENT_ID=""
_10GITHUB_SECRET=""

Then you would reference them inside of our config.toml like this:


_10[auth.external.github]
_10enabled = true
_10client_id = "env(GITHUB_CLIENT_ID)"
_10secret = "env(GITHUB_SECRET)"
_10redirect_uri = "" # Overrides the default auth redirectUrl.

Managing config and secrets

Config reference#

Using secrets inside config.toml#

Config reference

Using secrets inside config.toml