Skip to main content

Overview

Risk Legion uses Supabase for:
  • PostgreSQL Database - Primary data storage
  • Authentication - User management and JWT tokens
  • Row Level Security - Multi-tenant data isolation

Creating a Project

1. Create New Project

  1. Go to supabase.com
  2. Sign in and click “New Project”
  3. Choose organization
  4. Enter project details:
    • Name: risk-legion-production
    • Database Password: (save securely)
    • Region: Choose closest to your users
  5. Click “Create new project”

2. Note Credentials

From Project Settings → API: From Project Settings → Database:

Database Setup

1. Create Tables

Run schema SQL in SQL Editor:

2. Enable RLS

3. Create RLS Policies

4. Create Indexes

Authentication Setup

1. Configure Providers

In Authentication → Providers:
  • Email: Enable
  • Password requirements: Set minimum 8 characters

2. Configure URLs

In Authentication → URL Configuration:

3. Email Templates (Optional)

In Authentication → Email Templates: Customize:
  • Confirm signup
  • Reset password
  • Magic link

Profile Trigger

Create a trigger to automatically create profiles:

Storage Setup (Optional)

If you need file storage:
  1. Go to Storage → Create bucket
  2. Name: documents
  3. Configure RLS policies for bucket access

Backup Configuration

Automatic Backups

Supabase Pro plans include:
  • Daily automated backups
  • Point-in-time recovery
  • 7-day retention

Manual Backup

Monitoring

Dashboard Metrics

In Project Dashboard:
  • Database size
  • API requests
  • Auth users
  • Realtime connections

Logs

In Logs:
  • API logs
  • Auth logs
  • Database logs

Environment-Specific Projects

Consider separate projects for:

Security Checklist

  • All tables have RLS enabled
  • Policies cover all operations (SELECT, INSERT, UPDATE, DELETE)
  • Test with different user roles
  • Never expose service_role key to frontend
  • anon key is safe for frontend
  • Rotate keys if compromised
  • Enable SSL enforcement
  • Restrict database connections (optional)
  • Use VPN for direct database access
  • Strong password requirements
  • Consider MFA for admin users
  • Monitor for suspicious activity

Troubleshooting

  • Check if user has correct enterprise_id
  • Verify auth.uid() returns expected value
  • Test policy with direct SQL
  • Check project is active (not paused)
  • Verify connection string is correct
  • Check IP whitelist settings
  • Verify API keys are correct
  • Check redirect URLs are configured
  • Review auth logs for errors