Rotating Anon Service And Jwt Secrets 1Jq6yd

<Admonition type="deprecation">

This troubleshooting guide is about rotating Legacy anon, service_role API keys. We are deprecating Legacy , and recommend migrating to New API keys. To learn more about API keys, refer to the API documentation.

</Admonition> <Admonition type="tip">

Once the JWT secret is regenerated, all current API secrets will be immediately invalidated, and all connections using them will be severed. You will need to deploy the new secrets for connections to begin working again. You can avoid downtime by migrating to new API Keys.

</Admonition>

Have you ever accidentally committed a service key to a public repo? Or maybe rotating keys is just something you regularly do for security compliance. Whatever the reason, here's how to rotate the keys for your Supabase project.

If you haven’t migrated to asymmetric JWT signing keys:

1. Go to Project Settings → JWT Keys in the Supabase Dashboard
2. Navigate to the Legacy JWT Secret tab
3. Click on Change Legacy Secret
   • Click on Generate a random secret to let Supabase decide the JWT secret.
   • Click on Create my own secret to enter a custom JWT secret
4. You will see a Confirmation dialog. Read it through and confirm to proceed.

If you have migrated to new symmetric JWT signing keys:

1. Go to Project Settings → JWT Keyss in the Supabase Dashboard
2. Navigate to the JWT Signing Keys tab.
3. Click on Rotate Keys. This will move the current key to “Previously used keys”
4. Select the three-dot icon (action icon) of your previously used key and click “Revoke”. If you do not “Revoke” the key, older keys will still be valid.

Further readings

• How to rotate the service role key
• What to do if a secret key or service_role has been leaked or compromised?
• JWT Signing Keys