Skip to main content
If a Postgres password or connection string was exposed (chat, logs, CI output), rotate it immediately.

Dev (Encore OS — project ref anuwknikgsijbameytzr)

  1. Supabase Dashboard → Project SettingsDatabaseDatabase passwordReset database password.
  2. Update local secrets only in .env.local (gitignored):
    • SUPABASE_DEV_DB_URL (use Session pooler URI; see SUPABASE_MULTI_ENV_SETUP.md § Database connections).
    • SUPABASE_SERVICE_ROLE_KEY if you store it for REST-based seed extraction.
  3. Update any CI/GitHub Actions secrets that referenced the old password.
  4. Do not commit passwords or pooler URIs to .env (tracked). Prefer .env.local.

Production (encore_os_prod — project ref aximlomrwfuhctxjhrsf)

Same steps on the production project. Coordinate a short maintenance window if clients use the DB password directly (they should use the pooler + app secrets instead).

Verification

After rotation, from repo root:
Expect a summary table with non-zero row counts for each catalog table.