Supabase

Opseer connects to Supabase via the official OAuth flow. You never paste a service_role or any other plaintext key — stats collection, data CRUD, Auth management, Edge Functions, and Cron jobs all light up after a single OAuth grant.

Prerequisites

• A Supabase account + project (free tier or above)
• Owner role on the Opseer project

How to connect

What you can do

Least-privilege OAuth — only Database has Read+Write; everything else (Edge Functions / Secrets / Projects) is Read-only.

• Stats Collection — runs your queries through Mgmt SQL execute (Database RW)
• Data Tables — browse, create, update, delete records (Database RW)
• Auth — list users, ban/unban, delete (via auth.users SQL, Database RW)
• Edge Functions — view deployed functions and code (read-only)
• Secrets — view Edge Function secret names (read-only)
• Cron Jobs — view pg_cron jobs and run history (read-only)
• Database overview — table sizes and schema info

Out of scope

Features intentionally restricted to read-only via OAuth scope, or unavailable via the Mgmt API. Use Supabase Studio (each page has a "Supabase Dashboard →" link).

• Edge Functions deploy/delete, Secrets create/update/delete, Cron Job create/delete — read-only by design
• Storage object CRUD — the Mgmt API has no endpoint for it
• Queues (pgmq) management — Supabase Studio only
• Triggering password reset emails to your end users — handle it from your own app's "forgot password" flow

Disconnecting

Click "Disconnect" on the Supabase card. The stored OAuth tokens and any metadata bound to this integration (stats columns, data tables, collected values) are removed together.