The Supabase CLI provides tools to develop your project locally and deploy to the Supabase Platform.
The CLI is still under development, but it contains all the functionality for working with your Supabase projects and the Supabase Platform.
Supabase CLI supports global flags for every command.
Flags
--debug
Optional
no type
output debug logs to stderr
--dns-resolver <[ native | https ]>
Optional
no type
lookup domain names using the specified resolver
--experimental
Optional
no type
enable experimental features
-h, --help
Optional
no type
help for supabase
--workdir <string>
Optional
no type
path to a Supabase project directory
$ supabase init
Initialize configurations for Supabase local development.
A supabase/config.toml file is created in your current working directory. This configuration is specific to each local project.
You may override the directory path by specifying the SUPABASE_WORKDIR environment variable or --workdir flag.
In addition to config.toml, the supabase directory may also contain other Supabase objects, such as migrations, functions, tests, etc.
supabase init
$ supabase login
Connect the Supabase CLI to your Supabase account by logging in with your personal access token.
Your access token is stored securely in native credentials storage. If native credentials storage is unavailable, it will be written to a plain text file at ~/.supabase/access-token.
If this behavior is not desired, such as in a CI environment, you may skip login by specifying the SUPABASE_ACCESS_TOKEN environment variable in other commands.
The Supabase CLI uses the stored token to access Management APIs for projects, functions, secrets, etc.
supabase login
$ supabase link
Link your local development project to a hosted Supabase project.
PostgREST configurations are fetched from the Supabase platform and validated against your local configuration file.
Optionally, database settings can be validated if you provide a password. Your database password is saved in native credentials storage if available.
If you do not want to be prompted for the database password, such as in a CI environment, you may specify it explicitly via the SUPABASE_DB_PASSWORD environment variable.
Some commands like db dump, db push, and db remote commit require your project to be linked first.
Flags
-p, --password <string>
Optional
no type
Password to your remote Postgres database.
--project-ref <string>
REQUIRED
no type
Project ref of the Supabase project.
supabase link --project-ref ********************
$ supabase start
Starts the Supabase local development stack.
Requires supabase/config.toml to be created in your current working directory by running supabase init.
All service containers are started by default. You can exclude those not needed by passing in -x flag. To exclude multiple containers, either pass in a comma separated string, such as -x gotrue,imgproxy, or specify -x flag multiple times.
It is recommended to have at least 7GB of RAM to start all services.
Health checks are automatically added to verify the started containers. Use --ignore-health-check flag to ignore these errors.
Flags
-x, --exclude <strings>
Optional
no type
Names of containers to not start. [gotrue,realtime,storage-api,imgproxy,kong,inbucket,postgrest,pgadmin-schema-diff,migra,postgres-meta,studio,edge-runtime,logflare,vector]
--ignore-health-check
Optional
no type
Ignore unhealthy services and exit 0
supabase start
$ supabase stop
Stops the Supabase local development stack.
Requires supabase/config.toml to be created in your current working directory by running supabase init.
All Docker resources are cleaned up by default. Use --backup flag to persist your local development data between restarts.
Flags
--no-backup
Optional
no type
Deletes all data volumes after stopping.
supabase stop
$ supabase status
Shows status of the Supabase local development stack.
Requires the local development stack to be started by running supabase start or supabase db start.
You can export the connection parameters for initializing supabase-js locally by specifying the -o env flag. Supported parameters include JWT_SECRET, ANON_KEY, and SERVICE_ROLE_KEY.
Requires the local development stack to be started by running supabase start.
Runs pg_prove in a container with unit test files volume mounted from supabase/tests directory. The test file can be suffixed by either .sql or .pg extension.
Since each test is wrapped in its own transaction, it will be individually rolled back regardless of success or failure.
Requires your local project to be linked to a remote database by running supabase link. For self-hosted databases, you can pass in the connection parameters using --db-url flag.
Runs pg_dump in a container with additional flags to exclude Supabase managed schemas. The ignored schemas include auth, stroage, and those created by extensions.
The default dump does not contain any data or custom roles. To dump those contents explicitly, specify either the --data-only and --role-only flag.
Flags
--data-only
Optional
no type
Dumps only data records.
-f, --file <string>
Optional
no type
File path to save the dumped contents.
--keep-comments
Optional
no type
Keeps commented lines from pg_dump output.
-p, --password <string>
Optional
no type
Password to your remote Postgres database.
--role-only
Optional
no type
Dumps only cluster roles.
--db-url <string>
Optional
no type
connect using the specified database url
supabase db dump -f supabase/schema.sql
$ supabase db push
Pushes all local migrations to a remote database.
Requires your local project to be linked to a remote database by running supabase link. For self-hosted databases, you can pass in the connection parameters using --db-url flag.
The first time this command is run, a migration history table will be created under supabase_migrations.schema_migrations. After successfully applying a migration, a new row will be inserted into the migration history table with timestamp as its unique id. Subsequent pushes will skip migrations that have already been applied.
If you need to mutate the migration history table, such as deleting existing entries or inserting new entries without actually running the migration, use the migration repair command.
Use the --dry-run flag to view the list of changes before applying.
Flags
--dry-run
Optional
no type
Print the migrations that would be applied, but don't actually apply them.
-p, --password <string>
Optional
no type
Password to your remote Postgres database.
--db-url <string>
Optional
no type
connect using the specified database url
supabase db push
$ supabase db reset
Resets the local database to a clean state.
Requires the local development stack to be started by running supabase start.
Recreates the local Postgres container and applies all local migrations found in supabase/migrations directory. If test data is defined in supabase/seed.sql, it will be seeded after the migrations are run. Any other data or schema changes made during local development will be discarded.
Note that since Postgres roles are cluster level entities, those changes will persist between resets. In order to reset custom roles, you need to restart the local development stack.
Flags
--linked
Optional
no type
Resets the linked project to current migrations.
--db-url <string>
Optional
no type
connect using the specified database url
supabase db reset
$ supabase db diff
Diffs schema changes made to the local or remote database.
Requires the local development stack to be running when diffing against the local database. To diff against a remote or self-hosted database, specify the --linked or --db-url flag respectively.
Runs djrobstep/migra in a container to compare schema differences between the target database and a shadow database. The shadow database is created by applying migrations in local supabase/migrations directory in a separate container. Output is written to stdout by default. For convenience, you can also save the schema diff as a new migration file by passing in -f flag.
By default, all schemas in the target database are diffed. Use the --schema public,extensions flag to restrict diffing to a subset of schemas.
While the diff command is able to capture most schema changes, there are cases where it is known to fail. Currently, this could happen if you schema contains:
Changes to publication
Changes to storage buckets
Views with security_invoker attributes
Flags
-f, --file <string>
Optional
no type
Saves schema diff to a new migration file.
--linked
Optional
no type
Diffs local schema against the linked project.
-s, --schema <strings>
Optional
no type
List of schema to include.
--use-migra
Optional
no type
Use migra to generate schema diff.
--use-pgadmin
Optional
no type
Use pgAdmin to generate schema diff.
--db-url <string>
Optional
no type
connect using the specified database url
supabase db diff -f my_table
$ supabase db lint
Lints local database for schema errors.
Requires the local development stack to be running when linting against the local database. To lint against a remote or self-hosted database, specify the --linked or --db-url flag respectively.
Runs plpgsql_check extension in the local Postgres container to check for errors in all schemas. The default lint level is warning and can be raised to error via the --level flag.
To lint against specific schemas only, pass in the --schema flag.
Pulls schema changes from a remote database and inserts a new row into the migration history table.
Requires your local project to be linked to a remote database by running supabase link. For self-hosted databases, you can pass in the connection parameters using --db-url flag.
If no entries exist in the migration history table, pg_dump will be used to capture all contents of the remote schemas you have created. After that, a new record will be inserted into the migration history table. Subsequent runs of this command will only diff schema changes against the remote database similar to db diff --linked.
A supabase/migrations directory will be created if it does not already exists in your current workdir. All schema migration files must be created in this directory following the pattern <timestamp>_<name>.sql.
Outputs from other commands like db diff may be piped to migration new <name> via stdin.
supabase migration new schema_test
$ supabase migration list
Lists migration history in both local and remote databases.
Requires your local project to be linked to a remote database by running supabase link. For self-hosted databases, you can pass in the connection parameters using --db-url flag.
Note that URL strings must be escaped according to RFC 3986.
Local migrations are stored in supabase/migrations directory while remote migrations are tracked in supabase_migrations.schema_migrations table. Only the timestamps are compared to identify any differences.
In case of discrepancies between the local and remote migration history, you can resolve them using the migration repair command.
Flags
--db-url <string>
Optional
no type
connect using the specified database url
-p, --password <string>
Optional
no type
Password to your remote Postgres database.
supabase migration list
$ supabase migration repair
Repairs the remote migration history table.
Requires your local project to be linked to a remote database by running supabase link.
If your local and remote migration history goes out of sync, you can repair the remote history by marking specific migrations as --status applied or --status reverted. Marking as reverted will delete an existing record from the migration history table while marking as applied will insert a new record.
For example, your migration history table may look like this after running db remote commit for the first time.
$ supabase migration list
LOCAL │ REMOTE │ TIME (UTC)
─────────────────┼────────────────┼──────────────────────
20230103054303 │ 20230103054303 │ 2023-01-03 05:43:03
To reset your migration history to a clean state, first delete your local migration file.
$ rm supabase/migrations/20230103054303_remote_commit.sql
$ supabase migration list
LOCAL │ REMOTE │ TIME (UTC)
─────────────────┼────────────────┼──────────────────────
│ 20230103054303 │ 2023-01-03 05:43:03
Then mark the remote migration 20230103054303 as reverted.
$ supabase migration repair 20230103054303 --status reverted
Repaired migration history: 20230103054303 => reverted
$ supabase migration list
LOCAL │ REMOTE │ TIME (UTC)
─────────────────┼────────────────┼──────────────────────
Now you can run db remote commit again to dump the remote schema as a local migration file.
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
$ supabase sso list
List all connections to a SSO identity provider to your Supabase project.
Flags
--project-ref <string>
REQUIRED
string
Project ref of the Supabase project.
--output [ pretty | json | yaml | toml ]
Optional
[ pretty | json | yaml | toml ]
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
$ supabase sso show <provider-id>
Provides the information about an established connection to an identity provider. You can use --metadata to obtain the raw SAML 2.0 Metadata XML document stored in your project's configuration.
Flags
--project-ref <string>
REQUIRED
string
Project ref of the Supabase project.
--output [ pretty | json | yaml | toml ]
Optional
[ pretty | json | yaml | toml ]
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
supabase sso show 6df4d73f-bf21-405f-a084-b11adf19fea5 \
--project-ref abcdefghijklmnopqrst
$ supabase sso add
Add and configure a new connection to a SSO identity provider to your Supabase project.
Flags
--project-ref <string>
REQUIRED
string
Project ref of the Supabase project.
--output [ pretty | json | yaml | toml ]
Optional
[ pretty | json | yaml | toml ]
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
--type saml
REQUIRED
string
Type of identity provider being added. Only SAML 2.0 supported at this time.
saml
REQUIRED
string
--metadata-url <URL>
REQUIRED
string
A URL (typically HTTPS) that points to a SAML 2.0 Metadata XML document describing the SAML features supported by the identity provider being added.
Mutually exclusive with --metadata-file.
--metadata-file <path to file>
REQUIRED
string
A path to a file containing a SAML 2.0 Metadata XML document describing the SAML features supported by the identity provider being added. Prefer using --metadata-url if possible.
Mutually exclusive with --metadata-url.
domains
Optional
string
A comma separated list of email domains to associate with this identity provider. Used to quickly sign users in on the frontend by identifying the correct identity provider based on the email address of the user.
attribute-mapping-file
Optional
string
A file containing a JSON document describing the attribute mappings attached to this identity provider. User information contained in the SAML assertion will be mapped according to the rules laid out in this document.
Update the configuration settings of a already added SSO identity provider.
Flags
--project-ref <string>
REQUIRED
string
Project ref of the Supabase project.
--output [ pretty | json | yaml | toml ]
Optional
[ pretty | json | yaml | toml ]
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
--metadata-url <URL>
Optional
string
A URL (typically HTTPS) that points to a SAML 2.0 Metadata XML document describing the SAML features supported by the identity provider being added.
Mutually exclusive with --metadata-file.
--metadata-file <path to file>
Optional
string
A path to a file containing a SAML 2.0 Metadata XML document describing the SAML features supported by the identity provider being added. Prefer using --metadata-url if possible.
Mutually exclusive with --metadata-url.
domains
Optional
string
A comma separated list of email domains to associate with this identity provider. Used to quickly sign users in on the frontend by identifying the correct identity provider based on the email address of the user. When provided all of the domains already attached to the identity provider will be replaced with this list.
add-domains
Optional
no type
Associates these additional email domains to the existing set of domains. See --domains for a detailed explanation.
remove-domains
Optional
no type
Removes these email domains from the existing set of domains. See --domains for a detailed explanation.
attribute-mapping-file
Optional
string
A file containing a JSON document describing the attribute mappings attached to this identity provider. User information contained in the SAML assertion will be mapped according to the rules laid out in this document.
Remove a connection to an already added SSO identity provider. Removing the provider will prevent existing users from logging in. Please treat this command with care.
Flags
--project-ref <string>
REQUIRED
string
Project ref of the Supabase project.
--output [ pretty | json | yaml | toml ]
Optional
[ pretty | json | yaml | toml ]
Output format of the command, useful when using the CLI in scripts or CI workflows.
pretty
REQUIRED
[ pretty | json | yaml | toml ]
json
REQUIRED
[ pretty | json | yaml | toml ]
yaml
REQUIRED
[ pretty | json | yaml | toml ]
toml
REQUIRED
[ pretty | json | yaml | toml ]
Use only with certain commands to output the raw SAML 2.0 Metadata XML stored in your project's authentication configuration.
Activates the custom hostname configuration for a project.
This reconfigures your Supabase project to respond to requests on your custom hostname.
After the custom hostname is activated, your project's auth services will no longer function on the Supabase-provisioned subdomain.
Flags
--include-raw-output
Optional
no type
Include raw output (useful for debugging).
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase domains activate
$ supabase domains create
Create a custom hostname for your Supabase project.
Expects your custom hostname to have a CNAME record to your Supabase project's subdomain.
Flags
--custom-hostname <string>
Optional
no type
The custom hostname to use for your Supabase project.
--include-raw-output
Optional
no type
Include raw output (useful for debugging).
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase domains create [flags]
$ supabase domains get
Retrieve the custom hostname config for your project, as stored in the Supabase platform.
Flags
--include-raw-output
Optional
no type
Include raw output (useful for debugging).
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase domains get
$ supabase domains reverify
Re-verify the custom hostname config for your project
Flags
--include-raw-output
Optional
no type
Include raw output (useful for debugging).
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase domains reverify
$ supabase domains delete
Deletes the custom hostname config for your project
Flags
--include-raw-output
Optional
no type
Include raw output (useful for debugging).
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase domains delete
$ supabase vanity-subdomains
Manage vanity subdomains for Supabase projects.
Usage of vanity subdomains and custom domains is mutually exclusive.
Activate a vanity subdomain for your Supabase project.
This reconfigures your Supabase project to respond to requests on your vanity subdomain.
After the vanity subdomain is activated, your project's auth services will no longer function on the {project-ref}.{supabase-domain} hostname.
Flags
--desired-subdomain <string>
Optional
no type
The desired vanity subdomain to use for your Supabase project.
--experimental
REQUIRED
no type
enable experimental features
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase vanity-subdomains activate [flags]
$ supabase vanity-subdomains get
Get the current vanity subdomain
Flags
--experimental
REQUIRED
no type
enable experimental features
--project-ref <string>
Optional
no type
Project ref of the Supabase project.
supabase vanity-subdomains get
$ supabase vanity-subdomains check-availability
Checks if a desired subdomain is available for use
Flags
--desired-subdomain <string>
Optional
no type
The desired vanity subdomain to use for your Supabase project.