# Supabase local development configuration. # See: https://supabase.com/docs/guides/cli/config [api] enabled = true port = 54321 schemas = ["public", "storage", "graphql_public"] extra_search_path = ["public", "extensions"] max_rows = 1000 [api.tls] enabled = false [db] port = 54322 shadow_port = 54320 major_version = 15 [db.pooler] enabled = false port = 54329 pool_mode = "transaction" default_pool_size = 20 max_client_conn = 100 [realtime] enabled = true ip_version = "IPv4" max_header_length = 4096 [studio] enabled = true port = 54323 api_url = "http://127.0.0.1" openai_api_key = "" [inbucket] enabled = true port = 54324 [storage] enabled = true file_size_limit = "50MiB" [storage.image_transformation] enabled = true [auth] enabled = true site_url = "http://127.0.0.1:5173" additional_redirect_urls = ["http://localhost:5173"] jwt_expiry = 3600 enable_refresh_token_rotation = true refresh_token_reuse_interval = 10 enable_signup = false enable_anonymous_sign_ins = false enable_manual_linking = false [auth.email] enable_signup = false double_confirm_changes = true enable_confirmations = false [auth.sms] enable_signup = false enable_confirmations = false # Keycloak as external OIDC provider via GoTrue (Option B). # GoTrue acts as OIDC proxy: app → GoTrue → Keycloak → GoTrue issues Supabase JWT. # Configured via environment variables in docker-compose.dev.yml: # GOTRUE_EXTERNAL_KEYCLOAK_ENABLED, GOTRUE_EXTERNAL_KEYCLOAK_URL, etc. # The [auth.third_party.keycloak] section is for Supabase CLI managed stacks; # we use docker-compose directly so this section is intentionally left empty. [auth.third_party.keycloak] enabled = false [edge_runtime] enabled = true policy = "oneshot" inspector_port = 8083 [analytics] enabled = false port = 54327 vector_port = 54328 backend = "postgres"