Manual tasks to complete in the Supabase Dashboard before or after going live. Use this checklist for both staging and production projects. Reference: Supabase Production Checklist.Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Security
- Network Restrictions — Restrict direct DB access to known IPs (Dashboard → Project → Database → Settings).
- SSL Enforcement — Force encrypted connections (Dashboard → Project → Database → Settings).
- Custom SMTP — Replace Supabase default with SendGrid/AWS SES for auth emails (Dashboard → Project → Auth → SMTP).
- MFA on Supabase org account — Protect the dashboard (Supabase account settings, not project).
- Add multiple org owners — Ensure continuity if one admin loses access (Organization settings).
- Review Realtime publications — Only enable replication on tables that need it (Dashboard → Database → Publications).
- Disable public signup — Already enforced via
config.toml(enable_signup = false); confirm in Auth settings.
Performance
- Enable PITR — If DB is expected to exceed 4GB, enable Point-in-Time Recovery (Dashboard → Project → Settings → Add-ons).
- Review indexes — Run Performance Advisor in Dashboard and apply recommended indexes if needed.
- Load testing — Run k6 or similar on staging before launch.
Availability
- Upgrade plan — Ensure Pro plan or higher for support access if required.
- Subscribe to status page — status.supabase.com.
Config push (CLI)
Push hardenedconfig.toml auth/session/rate-limit settings (optional; some options are Dashboard-only):
anonymous_users = 0 (use 1 in config) and does not support enabling MFA WebAuthn via config push; enable WebAuthn in Dashboard if required.
Project refs
- Staging:
bmkfpdhwmgawkfawplvo - Production:
zkgxozahyczcnzpwhbbf