Files
supabase/apps/docs/content/guides/platform/postgres-connection-logging.mdx
Nik Richers 93ebd8adf1 docs(security): remove log_connections effective date admonition — MERGE ON JULY 9 (#47253)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

- docs update

Scheduled follow-up to #47252 / DOCS-1080.

## What is the current behavior?

- Docs include a temporary note admonition on five pages: "This default
takes effect for new projects from July 9, 2026." (#47252)
- The `do-not-merge` label blocks CI until this PR is ready to merge.

## What is the new behavior?

- Removes the temporary effective-date admonition partial and all
`$Partial` includes.
- Default-behavior copy from #47199 remains unchanged.

## Additional context

**Do not merge before July 9, 2026.**

### Merge instructions (July 9)

1. Rebase this branch onto `master` after #47252 has merged (should
remain a clean removal-only diff)
2. Remove the `do-not-merge` label
3. Confirm CI is green and merge

Review screenshots live in `.github/pr-screenshots/docs-1080/` on this
branch for PR proof only.

### Test plan

- [ ] After rebase, confirm the five pages no longer show the
effective-date admonition
- [ ] Confirm default-behavior copy from #47199 remains unchanged
- [ ] Remove `do-not-merge` label and merge on July 9, 2026


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Cleaned up several security, compliance, telemetry, and PostgreSQL
logging docs by removing a repeated note about when default connection
logging behavior takes effect.
* Streamlined the affected pages so the guidance now flows more directly
without the extra embedded note.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Nik Richers <nik@validmind.ai>
2026-07-10 06:30:14 -07:00

80 lines
3.8 KiB
Plaintext

---
id: 'postgres-connection-logging'
title: 'Postgres connection logging'
description: 'Enable or disable Postgres connection logging for audit and compliance.'
---
For security monitoring and compliance audits, Postgres can log connection lifecycle events to your project's [Postgres logs](/docs/guides/telemetry/logs#postgres), including events such as `connection received`, `connection authenticated`, and `connection authorized`.
## Default behavior
By default, Supabase sets `log_connections` to off for new projects and you must enable it first. This behavior matches common managed Postgres defaults and reduces log volume from high-frequency connection events.
Existing projects may retain different settings depending on plan and compliance configuration:
- **Team, Enterprise, and HIPAA organizations** — Connection logging is typically enabled to support audit requirements.
- **HIPAA projects** — Supabase enables connection logging when a project is marked as high compliance. The [Security Advisor](/dashboard/project/_/advisors/security) warns if connection logging is later disabled.
## Compliance considerations
<Admonition type="note">
If you need connection audit evidence for SOC 2 or other compliance programs, you must enable it explicitly.
</Admonition>
Connection logging supports audit and monitoring controls required by some compliance programs:
- **HIPAA** — High-compliance projects should keep connection logging enabled. See the [shared responsibility model for healthcare data](/docs/guides/deployment/shared-responsibility-model#managing-healthcare-data) and [HIPAA compliance guide](/docs/guides/security/hipaa-compliance).
- **SOC 2** — Users who need connection audit evidence should enable logging and retain logs according to their own policies. See the [SOC 2 compliance guide](/docs/guides/security/soc-2-compliance).
Disabling connection logging does not affect other Supabase logging (for example, [Platform Audit Logs](/docs/guides/security/platform-audit-logs), [Auth Audit Logs](/docs/guides/auth/audit-logs), or [pgAudit](/docs/guides/telemetry/logs#configuring-pgauditlog)).
## Manage connection logging via the dashboard
You can configure connection logging from the **Log connections** setting in the [Database Settings](/dashboard/project/_/database/settings) section of the Dashboard.
Ensure that you have [Owner or Admin permissions](/docs/guides/platform/access-control#manage-team-members) for the project.
<Admonition type="note">
Connection events appear in Postgres logs. In the [Logs Explorer](/dashboard/project/_/logs-explorer), connection lifecycle messages may be hidden by default to reduce noise. Use the connection logs filter in the sidebar to show or hide them.
</Admonition>
## Manage connection logging via the Management API
You can also manage connection logging using the [Management API](/docs/reference/api/v1-update-postgres-config):
```bash
# Get your access token from https://supabase.com/dashboard/account/tokens
export SUPABASE_ACCESS_TOKEN="your-access-token"
export PROJECT_REF="your-project-ref"
# Get current Postgres config
curl -X GET "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN"
# Enable connection logging
curl -X PUT "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"log_connections": true
}'
# Disable connection logging
curl -X PUT "https://api.supabase.com/v1/projects/$PROJECT_REF/config/database/postgres" \
-H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"log_connections": false
}'
```
To verify the setting, use the SQL Editor:
```sql
show log_connections;
```