Local Development

Supabase CLI config


A supabase/config.toml file is generated after running supabase init.

You can edit this file to change the settings for your locally running project. After you make changes, you will need to restart using supabase stop and then supabase start for the changes to take effect.

General Config

project_id

NameDefaultRequired
project_idNonetrue

Description

A string used to distinguish different Supabase projects on the same host. Defaults to the working directory name when running supabase init.

Auth Config

auth.enabled

NameDefaultRequired
auth.enabledtruefalse

Description

Enable the local GoTrue service.

auth.site_url

NameDefaultRequired
auth.site_url"http://localhost:3000"false

Description

The base URL of your website. Used as an allow-list for redirects and for constructing URLs used in emails.

auth.additional_redirect_urls

NameDefaultRequired
auth.additional_redirect_urls["https://localhost:3000"]false

Description

A list of exact URLs that auth providers are permitted to redirect to post authentication.

auth.jwt_expiry

NameDefaultRequired
auth.jwt_expiry3600false

Description

How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 seconds (one week).

auth.enable_refresh_token_rotation

NameDefaultRequired
auth.enable_refresh_token_rotationtruefalse

Description

If disabled, the refresh token will never expire.

auth.refresh_token_reuse_interval

NameDefaultRequired
auth.refresh_token_reuse_interval10false

Description

Allows refresh tokens to be reused after expiry, up to the specified interval in seconds. Requires enable_refresh_token_rotation = true.

auth.enable_signup

NameDefaultRequired
auth.enable_signuptruefalse

Description

Allow/disallow new user signups to your project.

auth.enable_anonymous_sign_ins

NameDefaultRequired
auth.enable_anonymous_sign_insfalsefalse

Description

Allow/disallow anonymous sign-ins to your project.

auth.email.enable_signup

NameDefaultRequired
auth.email.enable_signuptruefalse

Description

Allow/disallow new user signups via email to your project.

auth.email.double_confirm_changes

NameDefaultRequired
auth.email.double_confirm_changestruefalse

Description

If enabled, a user will be required to confirm any email change on both the old, and new email addresses. If disabled, only the new email is required to confirm.

auth.email.enable_confirmations

NameDefaultRequired
auth.email.enable_confirmationsfalsefalse

Description

If enabled, users need to confirm their email address before signing in.

auth.email.secure_password_change

NameDefaultRequired
auth.email.secure_password_changeNonefalse

Description

If enabled, requires the user's current password to be provided when changing to a new password.

auth.email.max_frequency

NameDefaultRequired
auth.email.max_frequency1mfalse

Description

The minimum amount of time that must pass between email requests. Helps prevent email spam by limiting how frequently emails can be sent. Example values: "1m", "1h", "24h"

auth.email.otp_length

NameDefaultRequired
auth.email.otp_length6false

Description

The length of the OTP code to be sent in emails. Must be between 6 and 10 digits.

auth.email.otp_exp

NameDefaultRequired
auth.email.otp_exp300false

Description

The expiry time for an OTP code in seconds. Default is 300 seconds (5 minutes).

auth.email.smtp.host

NameDefaultRequired
auth.email.smtp.hostinbucketfalse

Description

Hostname or IP address of the SMTP server.

auth.email.smtp.port

NameDefaultRequired
auth.email.smtp.port2500false

Description

Port number of the SMTP server.

auth.email.smtp.user

NameDefaultRequired
auth.email.smtp.userNonefalse

Description

Username for authenticating with the SMTP server.

auth.email.smtp.pass

NameDefaultRequired
auth.email.smtp.passNonefalse

Description

Password for authenticating with the SMTP server.

auth.email.smtp.admin_email

NameDefaultRequired
auth.email.smtp.admin_emailadmin@email.comfalse

Description

Email used as the sender for emails sent from the application.

auth.email.smtp.sender_name

NameDefaultRequired
auth.email.smtp.sender_nameNonefalse

Description

Display name used as the sender for emails sent from the application.

auth.email.template.<type>.subject

NameDefaultRequired
auth.email.template.type.subjectNonefalse

Description

The full list of email template types are:

  • invite
  • confirmation
  • recovery
  • magic_link
  • email_change

auth.email.template.<type>.content_path

NameDefaultRequired
auth.email.template.type.content_pathNonefalse

Description

The full list of email template types are:

  • invite
  • confirmation
  • recovery
  • magic_link
  • email_change

auth.sms.enable_signup

NameDefaultRequired
auth.sms.enable_signuptruefalse

Description

Allow/disallow new user signups via SMS to your project.

auth.sms.enable_confirmations

NameDefaultRequired
auth.sms.enable_confirmationsfalsefalse

Description

If enabled, users need to confirm their phone number before signing in.

auth.sms.test_otp

NameDefaultRequired
auth.sms.test_otpNonefalse

Description

Use pre-defined map of phone number to OTP for testing.

Usage

1[auth.sms.test_otp]
24152127777 = "123456"

auth.sms.<provider>.enabled

NameDefaultRequired
auth.sms.provider.enabledfalsefalse

Description

Use an external SMS provider. The full list of providers are:

  • twilio
  • twilio_verify
  • messagebird
  • textlocal
  • vonage

auth.sms.<twilio|twilio_verify>.account_sid

NameDefaultRequired
auth.sms.twilio.account_sidNonetrue

Description

Twilio Account SID

auth.sms.<twilio|twilio_verify>.message_service_sid

NameDefaultRequired
auth.sms.twilio.message_service_sidNonetrue

Description

Twilio Message Service SID

auth.sms.<twilio|twilio_verify>.auth_token

NameDefaultRequired
auth.sms.twilio.auth_tokenenv(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)true

Description

Twilio Auth Token

DO NOT commit your Twilio auth token to git. Use environment variable substitution instead.

auth.sms.messagebird.originator

NameDefaultRequired
auth.sms.messagebird.originatorNonetrue

Description

MessageBird Originator

auth.sms.messagebird.access_key

NameDefaultRequired
auth.sms.messagebird.access_keyenv(SUPABASE_AUTH_SMS_MESSAGEBIRD_ACCESS_KEY)true

Description

MessageBird Access Key

DO NOT commit your MessageBird access key to git. Use environment variable substitution instead.

auth.sms.textlocal.sender

NameDefaultRequired
auth.sms.textlocal.senderNonetrue

Description

TextLocal Sender

auth.sms.textlocal.api_key

NameDefaultRequired
auth.sms.textlocal.api_keyenv(SUPABASE_AUTH_SMS_TEXTLOCAL_API_KEY)true

Description

TextLocal API Key

DO NOT commit your TextLocal API key to git. Use environment variable substitution instead.

auth.sms.vonage.from

NameDefaultRequired
auth.sms.vonage.fromNonetrue

Description

Vonage From

auth.sms.vonage.api_key

NameDefaultRequired
auth.sms.vonage.api_keyNonetrue

Description

Vonage API Key

auth.sms.vonage.api_secret

NameDefaultRequired
auth.sms.vonage.api_secretenv(SUPABASE_AUTH_SMS_VONAGE_API_SECRET)true

Description

Vonage API Secret

DO NOT commit your Vonage API secret to git. Use environment variable substitution instead.

auth.external.<provider>.enabled

NameDefaultRequired
auth.external.provider.enabledfalsefalse

Description

Use an external OAuth provider. The full list of providers are:

  • apple
  • azure
  • bitbucket
  • discord
  • facebook
  • github
  • gitlab
  • google
  • kakao
  • keycloak
  • linkedin
  • notion
  • twitch
  • twitter
  • slack
  • spotify
  • workos
  • zoom

auth.external.<provider>.client_id

NameDefaultRequired
auth.external.provider.client_idNonetrue

Description

Client ID for the external OAuth provider.

auth.external.<provider>.secret

NameDefaultRequired
auth.external.provider.secretenv(SUPABASE_AUTH_EXTERNAL_<PROVIDER>_SECRET)true

Description

Client secret for the external OAuth provider.

DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead.

auth.external.<provider>.url

NameDefaultRequired
auth.external.provider.urlNonefalse

Description

The base URL used for constructing the URLs to request authorization and access tokens. Used by gitlab and keycloak. For gitlab it defaults to https://gitlab.com. For keycloak you need to set this to your instance, for example: https://keycloak.example.com/realms/myrealm .

auth.external.<provider>.redirect_uri

NameDefaultRequired
auth.external.provider.redirect_uriNonefalse

Description

The URI a OAuth2 provider will redirect to with the code and state values.

auth.external.<provider>.skip_nonce_check

NameDefaultRequired
auth.external.provider.skip_nonce_checkNonefalse

Description

Disables nonce validation during OIDC authentication flow for the specified provider. Enable only when client libraries cannot properly handle nonce verification. Be aware that this reduces security by allowing potential replay attacks with stolen ID tokens.

auth.mfa.web_authn.enroll_enabled

NameDefaultRequired
auth.mfa.web_authn.enroll_enabledfalsefalse

Description

Enable WebAuthn enrollment for multi-factor authentication.

auth.mfa.web_authn.verify_enabled

NameDefaultRequired
auth.mfa.web_authn.verify_enabledfalsefalse

Description

Enable WebAuthn verification for multi-factor authentication.

API Config

api.enabled

NameDefaultRequired
api.enabledtruefalse

Description

Enable the local PostgREST service.

api.port

NameDefaultRequired
api.port54321false

Description

Port to use for the API URL.

Usage

1[api]
2port = 54321

api.schemas

NameDefaultRequired
api.schemas["public", "storage", "graphql_public"]false

Description

Schemas to expose in your API. Tables, views and functions in this schema will get API endpoints. public and storage are always included.

api.extra_search_path

NameDefaultRequired
api.extra_search_path["public", "extensions"]false

Description

Extra schemas to add to the search_path of every request. public is always included.

api.max_rows

NameDefaultRequired
api.max_rows1000false

Description

The maximum number of rows returned from a view, table, or stored procedure. Limits payload size for accidental or malicious requests.

Database Config

db.port

NameDefaultRequired
db.port54322false

Description

Port to use for the local database URL.

db.shadow_port

NameDefaultRequired
db.shadow_port54320false

Description

Port to use for the local shadow database.

See also

    db.major_version

    NameDefaultRequired
    db.major_version15false

    Description

    The database major version to use. This has to be the same as your remote database's. Run SHOW server_version; on the remote database to check.

    db.pooler.enabled

    NameDefaultRequired
    db.pooler.enabledfalsefalse

    Description

    Enable the local PgBouncer service.

    db.pooler.port

    NameDefaultRequired
    db.pooler.port54329false

    Description

    Port to use for the local connection pooler.

    db.pooler.pool_mode

    NameDefaultRequired
    db.pooler.pool_mode"transaction"false

    Description

    Specifies when a server connection can be reused by other clients. Configure one of the supported pooler modes: transaction, session.

    db.pooler.default_pool_size

    NameDefaultRequired
    db.pooler.default_pool_size20false

    Description

    How many server connections to allow per user/database pair.

    db.settings.effective_cache_size

    NameDefaultRequired
    db.settings.effective_cache_sizeNonefalse

    Description

    Sets the planner's assumption about the effective size of the disk cache. This is a query planner parameter that doesn't affect actual memory allocation.

    db.settings.logical_decoding_work_mem

    NameDefaultRequired
    db.settings.logical_decoding_work_memNonefalse

    Description

    Specifies the amount of memory to be used by logical decoding, before writing data to local disk.

    db.settings.maintenance_work_mem

    NameDefaultRequired
    db.settings.maintenance_work_memNonefalse

    Description

    Specifies the maximum amount of memory to be used by maintenance operations, such as VACUUM, CREATE INDEX, and ALTER TABLE ADD FOREIGN KEY.

    db.settings.max_connections

    NameDefaultRequired
    db.settings.max_connectionsNonefalse

    Description

    Determines the maximum number of concurrent connections to the database server. Note: Changing this parameter requires a database restart.

    db.settings.max_locks_per_transaction

    NameDefaultRequired
    db.settings.max_locks_per_transactionNonefalse

    Description

    Controls the average number of object locks allocated for each transaction. Note: Changing this parameter requires a database restart.

    db.settings.max_parallel_maintenance_workers

    NameDefaultRequired
    db.settings.max_parallel_maintenance_workersNonefalse

    Description

    Sets the maximum number of parallel workers that can be started by a single utility command.

    db.settings.max_parallel_workers

    NameDefaultRequired
    db.settings.max_parallel_workersNonefalse

    Description

    Sets the maximum number of parallel workers that the system can support. Note: Changing this parameter requires a database restart.

    db.settings.max_parallel_workers_per_gather

    NameDefaultRequired
    db.settings.max_parallel_workers_per_gatherNonefalse

    Description

    Sets the maximum number of parallel workers that can be started by a single Gather or Gather Merge node.

    db.settings.max_replication_slots

    NameDefaultRequired
    db.settings.max_replication_slotsNonefalse

    Description

    Specifies the maximum number of replication slots that the server can support. Note: Changing this parameter requires a database restart.

    db.settings.max_slot_wal_keep_size

    NameDefaultRequired
    db.settings.max_slot_wal_keep_sizeNonefalse

    Description

    Specifies the maximum size of WAL files that replication slots are allowed to retain in the pg_wal directory.

    db.settings.max_standby_archive_delay

    NameDefaultRequired
    db.settings.max_standby_archive_delayNonefalse

    Description

    Sets the maximum delay before canceling queries when a hot standby server is processing archived WAL data.

    db.settings.max_standby_streaming_delay

    NameDefaultRequired
    db.settings.max_standby_streaming_delayNonefalse

    Description

    Sets the maximum delay before canceling queries when a hot standby server is processing streamed WAL data.

    db.settings.max_wal_size

    NameDefaultRequired
    db.settings.max_wal_sizeNonefalse

    Description

    Sets the maximum size of WAL files that the system will keep in the pg_wal directory.

    db.settings.max_wal_senders

    NameDefaultRequired
    db.settings.max_wal_sendersNonefalse

    Description

    Specifies the maximum number of concurrent connections from standby servers or streaming base backup clients. Note: Changing this parameter requires a database restart.

    db.settings.max_worker_processes

    NameDefaultRequired
    db.settings.max_worker_processesNonefalse

    Description

    Sets the maximum number of background processes that the system can support. Note: Changing this parameter requires a database restart.

    db.settings.session_replication_role

    NameDefaultRequired
    db.settings.session_replication_roleNonefalse

    Description

    Controls whether triggers and rewrite rules are enabled. Valid values are: "origin", "replica", or "local".

    db.settings.shared_buffers

    NameDefaultRequired
    db.settings.shared_buffersNonefalse

    Description

    Sets the amount of memory the database server uses for shared memory buffers. Note: Changing this parameter requires a database restart.

    db.settings.statement_timeout

    NameDefaultRequired
    db.settings.statement_timeoutNonefalse

    Description

    Abort any statement that takes more than the specified amount of time.

    db.settings.track_commit_timestamp

    NameDefaultRequired
    db.settings.track_commit_timestampNonefalse

    Description

    Record commit time of transactions. Note: Changing this parameter requires a database restart.

    db.settings.wal_keep_size

    NameDefaultRequired
    db.settings.wal_keep_sizeNonefalse

    Description

    Specifies the minimum size of past log file segments kept in the pg_wal directory.

    db.settings.wal_sender_timeout

    NameDefaultRequired
    db.settings.wal_sender_timeoutNonefalse

    Description

    Terminate replication connections that are inactive for longer than this amount of time.

    db.settings.work_mem

    NameDefaultRequired
    db.settings.work_memNonefalse

    Description

    Specifies the amount of memory to be used by internal sort operations and hash tables before writing to temporary disk files.

    db.pooler.max_client_conn

    NameDefaultRequired
    db.pooler.max_client_conn100false

    Description

    Maximum number of client connections allowed.

    db.seed.enabled

    NameDefaultRequired
    db.seed.enabledtruefalse

    Description

    Enables running seeds when starting or resetting the database.

    See also

      db.seed.sql_paths

      NameDefaultRequired
      db.seed.sql_paths["./seed.sql"]false

      Description

      An array of files or glob patterns to find seeds in.

      Dashboard Config

      studio.enabled

      NameDefaultRequired
      studio.enabledtruefalse

      Description

      Enable the local Supabase Studio dashboard.

      See also

        studio.port

        NameDefaultRequired
        studio.port54323false

        Description

        Port to use for Supabase Studio.

        See also

          studio.api_url

          NameDefaultRequired
          studio.api_url"http://localhost"false

          Description

          External URL of the API server that frontend connects to.

          See also

            Realtime Config

            realtime.enabled

            NameDefaultRequired
            realtime.enabledtruefalse

            Description

            Enable the local Realtime service.

            See also

              realtime.ip_version

              NameDefaultRequired
              realtime.ip_version"IPv6"false

              Description

              Bind realtime via either IPv4 or IPv6. (default: IPv6)

              See also

                Storage Config

                storage.enabled

                NameDefaultRequired
                storage.enabledtruefalse

                Description

                Enable the local Storage service.

                storage.file_size_limit

                NameDefaultRequired
                storage.file_size_limit"50MiB"false

                Description

                The maximum file size allowed for all buckets in the project.

                storage.buckets.<bucket_name>.public

                NameDefaultRequired
                storage.buckets.bucket_name.publicfalsefalse

                Description

                Enable public access to the bucket.

                storage.buckets.<bucket_name>.file_size_limit

                NameDefaultRequired
                storage.buckets.bucket_name.file_size_limitNonefalse

                Description

                The maximum file size allowed (e.g. "5MB", "500KB").

                storage.buckets.<bucket_name>.allowed_mime_types

                NameDefaultRequired
                storage.buckets.bucket_name.allowed_mime_typesNonefalse

                Description

                The list of allowed MIME types for objects in the bucket.

                storage.buckets.<bucket_name>.objects_path

                NameDefaultRequired
                storage.buckets.bucket_name.objects_pathNonefalse

                Description

                The local directory to upload objects to the bucket.

                Edge-Functions Config

                edge_runtime.enabled

                NameDefaultRequired
                edge_runtime.enabledtruefalse

                Description

                Enable the local Edge Runtime service for Edge Functions.

                See also

                  edge_runtime.policy

                  NameDefaultRequired
                  edge_runtime.policy"oneshot"false

                  Description

                  Configure the request handling policy for Edge Functions. Available options:

                  • oneshot: Recommended for development with hot reload support
                  • per_worker: Recommended for load testing scenarios

                  See also

                    edge_runtime.inspector_port

                    NameDefaultRequired
                    edge_runtime.inspector_port8083false

                    Description

                    Port to attach the Chrome inspector for debugging Edge Functions.

                    See also

                      functions.<function_name>.enabled

                      NameDefaultRequired
                      functions.function_name.enabledtruefalse

                      Description

                      Controls whether a function is deployed or served. When set to false, the function will be skipped during deployment and won't be served locally. This is useful for disabling demo functions or temporarily disabling a function without removing its code.

                      functions.<function_name>.verify_jwt

                      NameDefaultRequired
                      functions.function_name.verify_jwttruefalse

                      Description

                      By default, when you deploy your Edge Functions or serve them locally, it will reject requests without a valid JWT in the Authorization header. Setting this configuration changes the default behavior.

                      Note that the --no-verify-jwt flag overrides this configuration.

                      functions.<function_name>.import_map

                      NameDefaultRequired
                      functions.function_name.import_mapNonefalse

                      Description

                      Specify the Deno import map file to use for the Function. When not specified, defaults to supabase/functions/<function_name>/deno.json.

                      Note that the --import-map flag overrides this configuration.

                      functions.<function_name>.entrypoint

                      NameDefaultRequired
                      functions.function_name.entrypointNonefalse

                      Description

                      Specify a custom entrypoint path for the function relative to the project root. When not specified, defaults to supabase/functions/<function_name>/index.ts.

                      Usage

                      1[functions.my_function]
                      2entrypoint = "path/to/custom/function.ts"

                      Analytics Config

                      analytics.enabled

                      NameDefaultRequired
                      analytics.enabledfalsefalse

                      Description

                      Enable the local Logflare service.

                      analytics.port

                      NameDefaultRequired
                      analytics.port54327false

                      Description

                      Port to the local Logflare service.

                      See also

                        analytics.vector_port

                        NameDefaultRequired
                        analytics.vector_port54328false

                        Description

                        Port to the local syslog ingest service.

                        See also

                          analytics.backend

                          NameDefaultRequired
                          analytics.backend"postgres"false

                          Description

                          Configure one of the supported backends:

                          • postgres
                          • bigquery

                          Experimental Config

                          experimental.webhooks.enabled

                          NameDefaultRequired
                          experimental.webhooks.enabledfalsefalse

                          Description

                          Automatically enable webhook features on each new created branch Note: This is an experimental feature and may change in future releases.

                          See also

                            experimental.orioledb_version

                            NameDefaultRequired
                            experimental.orioledb_versionNonefalse

                            Description

                            Configures Postgres storage engine to use OrioleDB with S3 support. Note: This is an experimental feature and may change in future releases.

                            See also

                              experimental.s3_host

                              NameDefaultRequired
                              experimental.s3_hostenv(S3_HOST)false

                              Description

                              Configures S3 bucket URL for OrioleDB storage. Format example: <bucket_name>.s3-<region>.amazonaws.com Note: This is an experimental feature and may change in future releases.

                              See also

                                experimental.s3_region

                                NameDefaultRequired
                                experimental.s3_regionenv(S3_REGION)false

                                Description

                                Configures S3 bucket region for OrioleDB storage. Example: us-east-1 Note: This is an experimental feature and may change in future releases.

                                See also

                                  experimental.s3_access_key

                                  NameDefaultRequired
                                  experimental.s3_access_keyenv(S3_ACCESS_KEY)false

                                  Description

                                  Configures AWS_ACCESS_KEY_ID for S3 bucket access. DO NOT commit your AWS access key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

                                  See also

                                    experimental.s3_secret_key

                                    NameDefaultRequired
                                    experimental.s3_secret_keyenv(S3_SECRET_KEY)false

                                    Description

                                    Configures AWS_SECRET_ACCESS_KEY for S3 bucket access. DO NOT commit your AWS secret key to git. Use environment variable substitution instead. Note: This is an experimental feature and may change in future releases.

                                    See also

                                      Local Development Config

                                      inbucket.enabled

                                      NameDefaultRequired
                                      inbucket.enabledtruefalse

                                      Description

                                      Enable the local InBucket service.

                                      inbucket.port

                                      NameDefaultRequired
                                      inbucket.port54324false

                                      Description

                                      Port to use for the email testing server web interface.

                                      Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

                                      inbucket.smtp_port

                                      NameDefaultRequired
                                      inbucket.smtp_port54325false

                                      Description

                                      Port to use for the email testing server SMTP port.

                                      Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

                                      If set, you can access the SMTP server from this port.

                                      inbucket.pop3_port

                                      NameDefaultRequired
                                      inbucket.pop3_port54326false

                                      Description

                                      Port to use for the email testing server POP3 port.

                                      Emails sent with the local dev setup are not actually sent - rather, they are monitored, and you can view the emails that would have been sent from the web interface.

                                      If set, you can access the POP3 server from this port.

                                      inbucket.admin_email

                                      NameDefaultRequired
                                      inbucket.admin_emailadmin@email.comfalse

                                      Description

                                      Email used as the sender for emails sent from the application.

                                      inbucket.sender_name

                                      NameDefaultRequired
                                      inbucket.sender_nameAdminfalse

                                      Description

                                      Display name used as the sender for emails sent from the application.