Maturity Model
Supabase is great for building something very fast and for scaling up. However, it's important to note that as your application matures and your team expands, the practices you use for managing an application in production should not be the same as the practices you used for prototyping.
Prototyping
The Dashboard is a quick and easy tool for building applications while you are prototyping. That said, we strongly recommend using Migrations to manage your database changes. You can use our CLI to capture any changes you have made on the Dashboard so that you can commit them a version control system, like git.
Collaborating
As soon as you start collaborating with team members, all project changes should be in version control. At this point we strongly recommend moving away from using the Dashboard for schema changes. Use migrations to manage your database, and check them into your version control system to track every change.
Resources:
In production
Once your application is live, you should never change your database using the Dashboard - everything should be done with Migrations. Some other important things to consider at this point include:
- The Dashboard has various access levels that can prevent changes being made via the UI.
- Design a safe workflow for managing your database. We strongly recommend running multiple environments as part of your development workflow (
local
->staging
->prod
). - Do not share any production passwords with your team, especially your
postgres
password. All changes should be made via version-controlled migrations which run via a bastion host or a CI platform (like GitHub Actions. If you use GitHub Actions, use approval workflows to prevent any migrations being run accidentally. - Restrict production access to your database using Network Restrictions.
- As your database to grows, we strongly recommend moving to Point-in-Time Recovery. This is safer and has less impact on your database performance during maintenance windows.
- Read the Production Checklist and familiarize your team with the Shared Responsibilities between your organization and Supabase.
Resources:
Enterprise
For a more secure setup, consider running your workload across several organizations. It's a common pattern to have a Production organization which is restricted to only those team members who are qualified to have direct access to production databases.
Reach out to growth@supabase.com if you need help designing a secure development workflow for your organization.