Supabase Credential Generator

Generates Supabase credentials locally that aren't possible to generate with random bytes in Railway natively.

Important:

Save the output before closing this page. Treat SERVICE_ROLE_KEY, SUPABASE_SECRET_KEY, and asymmetric service-role keys as server-only credentials. Never expose them in browser app code.

Options

Railway variables

Generation logic

This page ports the logic from docker/utils/generate-keys.sh and docker/utils/add-new-auth-keys.sh to browser JavaScript: random bytes replace openssl rand, WebCrypto HMAC signs legacy HS256 JWTs, WebCrypto ECDSA signs ES256 JWTs, and SHA-256 creates opaque key checksums.

Show this page's full source code