Supabase Credential Generator
Generates Supabase credentials locally that aren't possible to generate with random bytes in Railway natively.
Save the output before closing this page. Treat
SERVICE_ROLE_KEY,
SUPABASE_SECRET_KEY, and asymmetric
service-role keys as server-only credentials. Never expose
them in browser app code.
Options
Railway variables
Generation logic
This page ports the logic from
docker/utils/generate-keys.sh and
docker/utils/add-new-auth-keys.sh to browser
JavaScript: random bytes replace openssl rand,
WebCrypto HMAC signs legacy HS256 JWTs, WebCrypto ECDSA
signs ES256 JWTs, and SHA-256 creates opaque key checksums.