Performing administration tasks on the server side with the service_role secret

[silentworks]

By default, the auth-helpers/ssr do not permit the use of the service_role secret. This restriction is in place to prevent the accidental exposure of your service_role secret to the public. Since the auth-helpers/ssr function on both the server and client side, it becomes challenging to separate the key specifically for client-side usage.

However, there is a solution. You can create a separate Supabase client using the createClient method from @supabase/supabase-js and provide it with the service_role secret. In a server environment, you will also need to disable certain properties to ensure proper functionality.

By implementing this approach, you can safely utilize the service_role secret without compromising security or exposing sensitive information to the public.

import { createClient } from '@supabase/supabase-js'

const supabase = createClient(supabaseUrl, serviceRoleSecret, {
  auth: {
    persistSession: false,
    autoRefreshToken: false,
    detectSessionInUrl: false,
  },
})