docs/documentation/platform/secret-rotation/supabase-api-key.mdx
This rotation maintains two active credential sets with overlapping validity, ensuring zero-downtime during rotation cycles. </Note>
2. Select the **Supabase API Key** option.
3. Configure the rotation behavior, then click **Next**.
- **Supabase Connection** – The connection that will create and delete API keys during rotation.
- **Rotation Interval** – The interval, in days, after which a rotation is triggered.
- **Rotate At** – The local time of day when rotation runs once the interval has elapsed.
- **Auto-Rotation Enabled** – Whether to rotate automatically on the interval. Turn off to rotate only manually or pause rotation.
4. Set the Supabase API key parameters, then click **Next**.
- **Project** – The Supabase project to rotate the API key for.
- **Key Type** – The type of the API key to rotate:
- `publishable` – The public `anon` key, safe to expose in client-side code. It is used with Row Level Security (RLS) policies to control per-user access.
- `secret` – The `service_role` key, which bypasses RLS entirely and has full access to your project's data. Must be kept server-side only.
5. Specify the secret name that the rotated API key will be mapped to. Then click **Next**.
- **API Key** – The name of the secret in Infisical where the rotated API key value will be stored.
6. Give your rotation a name and description (optional). Then click **Next**.
- **Name** – A slug-friendly name for this rotation configuration.
- **Description** (optional) – Notes about this rotation.
7. Review your configuration, then click **Create Secret Rotation**.
8. Your **Supabase API Key** rotation is created. The current API key is available as a secret at the mapped path. Rotations will create a new key, switch the active secret to it, then revoke the previous key for zero-downtime rotation.
</Tab>
<Tab title="API">
To create a Supabase API Key rotation, call the [Create Supabase API Key Rotation](/api-reference/endpoints/secret-rotations/supabase-api-key/create) API endpoint.
### Sample request
```bash Request
curl --request POST \
--url https://us.infisical.com/api/v2/secret-rotations/supabase-api-key \
--header 'Content-Type: application/json' \
--data '{
"name": "my-supabase-rotation",
"projectId": "<project-id>",
"description": "Supabase API key rotation",
"connectionId": "<supabase-connection-id>",
"environment": "dev",
"secretPath": "/",
"isAutoRotationEnabled": true,
"rotationInterval": 30,
"rotateAtUtc": {
"hours": 0,
"minutes": 0
},
"parameters": {
"projectRef": "<supabase-project-ref>",
"keyType": "secret"
},
"secretsMapping": {
"apiKey": "SUPABASE_API_KEY"
}
}'
```
### Sample response
```bash Response
{
"secretRotation": {
"id": "<rotation-id>",
"name": "my-supabase-rotation",
"description": "Supabase API key rotation",
"secretsMapping": {
"apiKey": "SUPABASE_API_KEY"
},
"isAutoRotationEnabled": true,
"activeIndex": 0,
"connectionId": "<supabase-connection-id>",
"rotationInterval": 30,
"rotateAtUtc": { "hours": 0, "minutes": 0 },
"type": "supabase-api-key",
"parameters": {
"projectRef": "<supabase-project-ref>",
"keyType": "secret"
}
}
}
```
</Tab>