mirror of
https://github.com/supabase/supabase.git
synced 2026-07-18 21:40:13 -04:00
93ebd8adf1
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? - docs update Scheduled follow-up to #47252 / DOCS-1080. ## What is the current behavior? - Docs include a temporary note admonition on five pages: "This default takes effect for new projects from July 9, 2026." (#47252) - The `do-not-merge` label blocks CI until this PR is ready to merge. ## What is the new behavior? - Removes the temporary effective-date admonition partial and all `$Partial` includes. - Default-behavior copy from #47199 remains unchanged. ## Additional context **Do not merge before July 9, 2026.** ### Merge instructions (July 9) 1. Rebase this branch onto `master` after #47252 has merged (should remain a clean removal-only diff) 2. Remove the `do-not-merge` label 3. Confirm CI is green and merge Review screenshots live in `.github/pr-screenshots/docs-1080/` on this branch for PR proof only. ### Test plan - [ ] After rebase, confirm the five pages no longer show the effective-date admonition - [ ] Confirm default-behavior copy from #47199 remains unchanged - [ ] Remove `do-not-merge` label and merge on July 9, 2026 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Cleaned up several security, compliance, telemetry, and PostgreSQL logging docs by removing a repeated note about when default connection logging behavior takes effect. * Streamlined the affected pages so the guidance now flows more directly without the extra embedded note. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Nik Richers <nik@validmind.ai>
80 lines
3.8 KiB
Plaintext
80 lines
3.8 KiB
Plaintext
---
|
|
id: 'postgres-connection-logging'
|
|
title: 'Postgres connection logging'
|
|
description: 'Enable or disable Postgres connection logging for audit and compliance.'
|
|
---
|
|
|
|
For security monitoring and compliance audits, Postgres can log connection lifecycle events to your project's [Postgres logs](/docs/guides/telemetry/logs#postgres), including events such as `connection received`, `connection authenticated`, and `connection authorized`.
|
|
|
|
## Default behavior
|
|
|
|
By default, Supabase sets `log_connections` to off for new projects and you must enable it first. This behavior matches common managed Postgres defaults and reduces log volume from high-frequency connection events.
|
|
|
|
Existing projects may retain different settings depending on plan and compliance configuration:
|
|
|
|
- **Team, Enterprise, and HIPAA organizations** — Connection logging is typically enabled to support audit requirements.
|
|
- **HIPAA projects** — Supabase enables connection logging when a project is marked as high compliance. The [Security Advisor](/dashboard/project/_/advisors/security) warns if connection logging is later disabled.
|
|
|
|
## Compliance considerations
|
|
|
|
<Admonition type="note">
|
|
|
|
If you need connection audit evidence for SOC 2 or other compliance programs, you must enable it explicitly.
|
|
|
|
</Admonition>
|
|
|
|
Connection logging supports audit and monitoring controls required by some compliance programs:
|
|
|
|
- **HIPAA** — High-compliance projects should keep connection logging enabled. See the [shared responsibility model for healthcare data](/docs/guides/deployment/shared-responsibility-model#managing-healthcare-data) and [HIPAA compliance guide](/docs/guides/security/hipaa-compliance).
|
|
- **SOC 2** — Users who need connection audit evidence should enable logging and retain logs according to their own policies. See the [SOC 2 compliance guide](/docs/guides/security/soc-2-compliance).
|
|
|
|
Disabling connection logging does not affect other Supabase logging (for example, [Platform Audit Logs](/docs/guides/security/platform-audit-logs), [Auth Audit Logs](/docs/guides/auth/audit-logs), or [pgAudit](/docs/guides/telemetry/logs#configuring-pgauditlog)).
|
|
|
|
## Manage connection logging via the dashboard
|
|
|
|
You can configure connection logging from the **Log connections** setting in the [Database Settings](/dashboard/project/_/database/settings) section of the Dashboard.
|
|
|
|
Ensure that you have [Owner or Admin permissions](/docs/guides/platform/access-control#manage-team-members) for the project.
|
|
|
|
<Admonition type="note">
|
|
|
|
Connection events appear in Postgres logs. In the [Logs Explorer](/dashboard/project/_/logs-explorer), connection lifecycle messages may be hidden by default to reduce noise. Use the connection logs filter in the sidebar to show or hide them.
|
|
|
|
</Admonition>
|
|
|
|
## Manage connection logging via the Management API
|
|
|
|
You can also manage connection logging using the [Management API](/docs/reference/api/v1-update-postgres-config):
|
|
|
|
```bash
|
|
# Get your access token from https://supabase.com/dashboard/account/tokens
|
|
export SUPABASE_ACCESS_TOKEN="your-access-token"
|
|
export PROJECT_REF="your-project-ref"
|
|
|
|
# Get current Postgres config
|
|
curl -X GET "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
|
|
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN"
|
|
|
|
# Enable connection logging
|
|
curl -X PUT "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
|
|
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"log_connections": true
|
|
}'
|
|
|
|
# Disable connection logging
|
|
curl -X PUT "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
|
|
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"log_connections": false
|
|
}'
|
|
```
|
|
|
|
To verify the setting, use the SQL Editor:
|
|
|
|
```sql
|
|
show log_connections;
|
|
```
|