Configure Keys
Set up your environment variables with Supabase API keys and URLs.
Environment Variables
| Variable | Description | Type | Source |
|---|---|---|---|
| NEXT_PUBLIC_SUPABASE_URL | Your Supabase project URL* | public safe | Dashboard → Settings → API → Project URL |
| NEXT_PUBLIC_SUPABASE_ANON_KEY | Public anonymous key for client-side requests* | public safe | Dashboard → Settings → API → anon public |
| SUPABASE_SERVICE_ROLE_KEY | Service role key for server-side admin operations* | server secret | Dashboard → Settings → API → service_role secret |
| SUPABASE_JWT_SECRET | JWT secret for token verification | server secret | Dashboard → Settings → API → JWT Secret |
* Required variable
Finding Your Keys
- Go to supabase.com/dashboard
- Select your project
- Navigate to Settings → API
- Copy the values shown
Never Expose Service Role Key
The SUPABASE_SERVICE_ROLE_KEY bypasses Row Level Security. Never expose it in client-side code or commit it to Git.
Create .env.local
Create a .env.local file in your project root:
.env.local
# Supabase Configuration
NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
# Optional
SUPABASE_JWT_SECRET=your-jwt-secret
Template Provided
Copy from .env.example if available in your project:
cp .env.example .env.local
Verify Configuration
After setting up your environment variables, verify they're loaded correctly:
# In your terminal, check the file exists
cat .env.local
# Make sure it's git-ignored
git status .env.local # File should not be listed if ignored; if it shows as untracked, add it to .gitignore
Understanding Key Types
anon Key (Public)
Safe to expose in client-side code. Requests using this key are subject to Row Level Security (RLS) policies. Use for browser/client requests.
service_role Key (Secret)
Never expose publicly. Bypasses all RLS policies. Use only in secure server-side environments (API routes, Edge Functions).
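An added example, not part of the original page or of Supabase's tooling: a Node.js check over the text of .env.local that reports a service_role key placed in a NEXT_PUBLIC_ variable, which Next.js inlines into the browser bundle. It assumes legacy JWT-format keys whose payload carries a role claim; auditEnv, jwtRole, parseEnv and the sample tokens are names and values constructed for illustration.

```javascript
// Added example. Assumption: keys are JWT-format values with a "role" claim.
const REQUIRED = ["NEXT_PUBLIC_SUPABASE_URL", "NEXT_PUBLIC_SUPABASE_ANON_KEY",
  "SUPABASE_SERVICE_ROLE_KEY"];

// Parse KEY=value lines; comment and blank lines do not match and are skipped.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2].replace(/^(['"])(.*)\1$/, "$2");
  }
  return env;
}

// Return the "role" claim of a JWT-shaped value, or null when it is not a JWT.
function jwtRole(value) {
  const parts = value.split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")).role ?? null;
  } catch {
    return null;
  }
}

function auditEnv(text) {
  const env = parseEnv(text);
  const findings = REQUIRED.filter((n) => !env[n]).map((n) => `missing: ${n}`);
  for (const [name, value] of Object.entries(env)) {
    const role = jwtRole(value);
    // Next.js inlines NEXT_PUBLIC_* values into the browser bundle.
    if (name.startsWith("NEXT_PUBLIC_") && role === "service_role")
      findings.push(`exposed: ${name} holds role "service_role"`);
    if (name === "SUPABASE_SERVICE_ROLE_KEY" && role !== null && role !== "service_role")
      findings.push(`mismatch: ${name} holds role "${role}"`);
  }
  return findings;
}

// Constructed sample: unsigned placeholder tokens, with the two keys swapped.
const fakeKey = (role) =>
  `e30.${Buffer.from(JSON.stringify({ role })).toString("base64url")}.sig`;
const SWAPPED = [
  "# Supabase Configuration",
  "NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co",
  `NEXT_PUBLIC_SUPABASE_ANON_KEY=${fakeKey("service_role")}`,
  `SUPABASE_SERVICE_ROLE_KEY=${fakeKey("anon")}`,
].join("\n");
console.log(auditEnv(SWAPPED));
```

To check a real file, pass `fs.readFileSync(".env.local", "utf8")` to `auditEnv` and fail the build when the result is non-empty.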
