Rotating Anon, Service, and JWT Secrets

[tylerfontaine]

Has this ever been you: "Oh no! I accidentally committed my service key to our public repo!" Or maybe rotating keys is just something you regularly do for security compliance.

Whatever the reason, here's how to rotate the keys for your Supabase project.

1. Go to the API Settings page in the Supabase Dashboard
2. Find the JWT Secrets section

3. Click the Generate new secret button and choose either a random secret, or custom if you'd like to supply one of your own.
4. NOTE: Once regeneraged, all current API secrets will be immediately invalidated, and all connections using them will be severed. You will need to deploy the new secrets for connections to begin working again.
5. Confirm the changes in the warning that pops up by clicking Generate New Secret again.

6. After confirming, the secret will be generated, and Supabase will start rolling that out across our services. Postgres will restart, the API gateways will be updated, etc. Once the process is complete, you will be able to see your new JWT secret as well as the new anon and service keys.

[rayyeoh]

I've generated a new JWT secret but it has been 4 hours since. How long is the next step suppose to take? Do I restart the project whilst still in this state or has something gone wrong? Thank you for your input.

[GregTillman-coder]

i've done exactly this but the regenerate button is gone and they are pushing new JWT keys on me?! i need to fix this quick and can't change everything else i just need new keys