Commit 389b6d7

committed
fix: use Supabase Vault for CRON_SECRET in pg_cron migration
Switch from current_setting('app.cron_secret') to Supabase Vault (vault.decrypted_secrets) to match existing cron job auth pattern. No longer requires app.cron_secret config var — just needs CRON_SECRET in Vault (already configured).
1 parent 155f361 commit 389b6d7

1 file changed

+11
-10
lines changed

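--- a/supabase/migrations/002_cron_schedules.sql
+++ b/supabase/migrations/002_cron_schedules.sql
@@ -3,12 +3,13 @@
 -- ==========================================================================
 --
 -- Prerequisites:
--- These Supabase config vars must be set before running this migration:
--- ALTER DATABASE postgres SET app.site_url = 'https://codingcat.dev';
--- ALTER DATABASE postgres SET app.cron_secret = 'your-cron-secret-here';
+-- Prerequisites:
+-- 1. Set the site URL config var:
+-- ALTER DATABASE postgres SET app.site_url = 'https://codingcat.dev';
 --
--- You can set them in the Supabase dashboard under Database → Extensions,
--- or via SQL in the SQL Editor.
+-- 2. CRON_SECRET must exist in Supabase Vault (vault.decrypted_secrets).
+-- Add it via Supabase Dashboard → Settings → Vault, or:
+-- SELECT vault.create_secret('your-cron-secret-here', 'CRON_SECRET');
 --
 -- Pipeline flow:
 -- 1. youtube-stats → daily YouTube analytics sync (renamed from daily-cron)
@@ -87,7 +88,7 @@ SELECT cron.schedule(
 '0 0 * * *',
 $$SELECT net.http_get(
 url := current_setting('app.site_url') || '/api/cron',
-headers := jsonb_build_object('Authorization', 'Bearer ' || current_setting('app.cron_secret'))
+headers := jsonb_build_object('Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'CRON_SECRET' LIMIT 1))
 )$$
 );
 
@@ -100,7 +101,7 @@ SELECT cron.schedule(
 '0 10 * * *',
 $$SELECT net.http_get(
 url := current_setting('app.site_url') || '/api/cron/ingest',
-headers := jsonb_build_object('Authorization', 'Bearer ' || current_setting('app.cron_secret'))
+headers := jsonb_build_object('Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'CRON_SECRET' LIMIT 1))
 )$$
 );
 
@@ -113,7 +114,7 @@ SELECT cron.schedule(
 '*/5 * * * *',
 $$SELECT net.http_get(
 url := current_setting('app.site_url') || '/api/cron/check-research',
-headers := jsonb_build_object('Authorization', 'Bearer ' || current_setting('app.cron_secret'))
+headers := jsonb_build_object('Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'CRON_SECRET' LIMIT 1))
 )$$
 );
 
@@ -126,7 +127,7 @@ SELECT cron.schedule(
 '*/5 * * * *',
 $$SELECT net.http_get(
 url := current_setting('app.site_url') || '/api/cron/check-renders',
-headers := jsonb_build_object('Authorization', 'Bearer ' || current_setting('app.cron_secret'))
+headers := jsonb_build_object('Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'CRON_SECRET' LIMIT 1))
 )$$
 );
 
@@ -138,6 +139,6 @@ SELECT cron.schedule(
 '0 9 * * 1,4',
 $$SELECT net.http_get(
 url := current_setting('app.site_url') || '/api/cron/sponsor-outreach',
-headers := jsonb_build_object('Authorization', 'Bearer ' || current_setting('app.cron_secret'))
+headers := jsonb_build_object('Authorization', 'Bearer ' || (SELECT decrypted_secret FROM vault.decrypted_secrets WHERE name = 'CRON_SECRET' LIMIT 1))
 )$$
 );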
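Review bot: A missing or renamed Vault entry now fails silently in all five `cron.schedule` bodies: the scalar subquery on `vault.decrypted_secrets` returns NULL, `'Bearer ' || NULL` is NULL, and `jsonb_build_object` then emits `"Authorization": null`, whereas the removed `current_setting('app.cron_secret')` raised an error when the setting was absent. The jobs would keep firing requests without a usable token, which the endpoints presumably reject, and nothing on the database side would point at the cause. I would add a guard before the first `cron.schedule` call that aborts the migration when the secret is absent, as sketched below; it only covers migration time, so a secret removed later still needs monitoring of the job responses. Separately, the header comment now carries `-- Prerequisites:` twice (new lines 5 and 6), and the `LIMIT 1` is only deterministic if Vault enforces unique secret names, which deserves a one-line comment.

```sql
-- Abort early if the Vault secret is absent, so no job is scheduled
-- with a NULL Authorization header.
DO $check$
BEGIN
    IF NOT EXISTS (
        SELECT 1
        FROM vault.decrypted_secrets
        WHERE name = 'CRON_SECRET'
          AND decrypted_secret IS NOT NULL
    ) THEN
        RAISE EXCEPTION 'CRON_SECRET is missing from Supabase Vault';
    END IF;
END
$check$;
-- … unchanged: the five cron.schedule(...) calls …
```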
