Any way to generate Supabase ANON_KEY and JWT_SECRET locally?

Question

I'm self-hosting Supabase. Linode's Guide mentions a step where an ANON_KEY and a JWT_SECRET are generated, by passing JWT secret in the API Keys section of this guide by Supabase

The required value is selected by using the Preconfigured Payload dropdown.

I see that Kong is used for JWT token authentication.

If I wanted to generate ANON_KEY and JWT_SECRET values myself, instead of relying on the widget in the documentation (the second link), how would I go about doing it?

Tried to look up how the needed values for Supabase could be generated locally. Couldn't find anything. While it's an option to try to setup Kong for this purpose, I'm not certain of any configuration to use.

This seems like an undocumented matter.

Answer 1

Go to this link Supabase Generate API keys

1. You will see this form,
2. fill the JWT Secret or you can use the one you found there
3. Select either ANON_KEY or SERVICE_KEY
4. click generate JWT

The key generated below will be your ANON_KEY, also select the SERVICE_KEY from dropdown and generate your SERVICE_KEY. Use them together with your JWT_SECRET above where they are needed

Answer 2

You can find the code for the JWT generator here: https://github.com/supabase/supabase/blob/master/apps/docs/components/JwtGenerator/JwtGenerator.tsx

import React, { useState } from 'react'
import KJUR from 'jsrsasign'
import CodeBlock from './CodeBlock/CodeBlock'
import { Button } from 'ui'

const JWT_HEADER = { alg: 'HS256', typ: 'JWT' }
const now = new Date()
const today = new Date(now.getFullYear(), now.getMonth(), now.getDate())
const fiveYears = new Date(now.getFullYear() + 5, now.getMonth(), now.getDate())
const anonToken = `
{
    "role": "anon",
    "iss": "supabase",
    "iat": ${Math.floor(today / 1000)},
    "exp": ${Math.floor(fiveYears / 1000)}
}
`.trim()

const serviceToken = `
{
    "role": "service_role",
    "iss": "supabase",
    "iat": ${Math.floor(today / 1000)},
    "exp": ${Math.floor(fiveYears / 1000)}
}
`.trim()

export default function JwtGenerator({}) {
  const secret = [...Array(40)].map(() => Math.random().toString(36)[2]).join('')

  const [jwtSecret, setJwtSecret] = useState(secret)
  const [token, setToken] = useState(anonToken)
  const [signedToken, setSignedToken] = useState('')

  const handleKeySelection = (e) => {
    const val = e.target.value
    if (val == 'service') setToken(serviceToken)
    else setToken(anonToken)
  }
  const generate = () => {
    const signedJWT = KJUR.jws.JWS.sign(null, JWT_HEADER, token, jwtSecret)
    setSignedToken(signedJWT)
  }

// [...]