PublicArchive/supabase
2
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-05-08 09:50:33 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/apps/studio/components/interfaces/Functions/EdgeFunctionSecrets/EdgeFunctionSecrets.tsx
T
Alaister Young 45ffa97240 [FE-3096] feat(studio): split edge function secrets into custom and default sections (#45355) 
Splits the Edge Function secrets page into two sections so reserved
Supabase env vars are always visible, even on new projects without any
user secrets created.

<img width="1605" height="1006" alt="Screenshot 2026-04-29 at 12 20
43 PM"
src="https://github.com/user-attachments/assets/fc74f10e-557d-45bb-b0f0-66a706a9facb"
/>

**Added:**
- `DefaultEdgeFunctionSecrets` component — a read-only reference list
(Name + Description) of every `SUPABASE_*`, `SB_*`, and `DENO_*` env var
available in every project, sourced from [the
docs](https://supabase.com/docs/guides/functions/secrets#default-secrets)
- `isInternalEdgeFunctionSecret` helper used to filter the custom
secrets table

**Changed:**
- The custom secrets section now renders first (more actionable), with
the educational default secrets section below it
- Custom secrets table now filters out anything matching `SUPABASE_*` or
any of the hardcoded default names

**Removed:**
- `isReservedSecret` regex check + its tooltip branches in
`EdgeFunctionSecret.tsx` — dead code now that the custom table never
receives an internal secret

Addresses
[FE-3096](https://linear.app/supabase/issue/FE-3096/split-edge-function-secrets-into-internal-and-user-defined-views).

## To test

- Open `/project/_/functions/secrets` on a fresh project (no custom
secrets)
- "Default secrets" section is visible and lists all 9 env vars with
descriptions
  - "Custom secrets" section shows the empty state
- Create a custom secret — appears in the Custom section, not the
Default section
- Edit/delete dropdown still works on custom secrets
- Search input only filters the custom secrets table

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a "Default secrets" section showing built-in edge-function
secrets with names, descriptions, and a "Deprecated" badge where
applicable.
* Secret names are clickable to copy to clipboard with a success
notification; secret names/values use inline code styling.
* UI now separates "Custom secrets" and "Default secrets" with distinct
empty states.

* **Bug Fixes**
* Edit/Delete controls reflect actual permission state (no longer
disabled for default/reserved secrets).

* **Tests**
  * Added tests for default-secret detection and visibility rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-04-29 18:08:32 +08:00

242 lines
9.1 KiB
TypeScript
Raw Permalink Blame History

import { PermissionAction } from '@supabase/shared-types/out/constants'
import { useParams } from 'common'
import { Search } from 'lucide-react'
import { parseAsString, useQueryState } from 'nuqs'
import { useEffect, useMemo, useState } from 'react'
import { toast } from 'sonner'
import { Badge, Card, Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from 'ui'
import { Input } from 'ui-patterns/DataInputs/Input'
import { ConfirmationModal } from 'ui-patterns/Dialogs/ConfirmationModal'
import { GenericSkeletonLoader } from 'ui-patterns/ShimmeringLoader'
import { AddNewSecretForm } from './AddNewSecretForm'
import { DefaultEdgeFunctionSecrets } from './DefaultEdgeFunctionSecrets'
import {
getVisibleDefaultEdgeFunctionSecrets,
isInternalEdgeFunctionSecret,
} from './DefaultEdgeFunctionSecrets.utils'
import EdgeFunctionSecret from './EdgeFunctionSecret'
import { EditSecretSheet } from './EditSecretSheet'
import { AlertError } from '@/components/ui/AlertError'
import { DocsButton } from '@/components/ui/DocsButton'
import { NoPermission } from '@/components/ui/NoPermission'
import { useSecretsDeleteMutation } from '@/data/secrets/secrets-delete-mutation'
import { useSecretsQuery } from '@/data/secrets/secrets-query'
import { useAsyncCheckPermissions } from '@/hooks/misc/useCheckPermissions'
import { DOCS_URL } from '@/lib/constants'
export const EdgeFunctionSecrets = () => {
const { ref: projectRef } = useParams()
const [searchString, setSearchString] = useState('')
const { can: canReadSecrets, isLoading: isLoadingSecretsPermissions } = useAsyncCheckPermissions(
PermissionAction.FUNCTIONS_SECRET_READ,
'*'
)
const { can: canUpdateSecrets } = useAsyncCheckPermissions(PermissionAction.SECRETS_WRITE, '*')
const {
data = [],
error,
isPending: isLoading,
isSuccess,
isError,
} = useSecretsQuery({ projectRef: projectRef }, { enabled: canReadSecrets })
const customSecrets = useMemo(
() => data.filter((secret) => !isInternalEdgeFunctionSecret(secret.name)),
[data]
)
const visibleDefaultSecrets = useMemo(
() => getVisibleDefaultEdgeFunctionSecrets(new Set(data.map((secret) => secret.name))),
[data]
)
const [selectedIdToEdit, setSelectedIdToEdit] = useQueryState(
'edit',
parseAsString.withOptions({ history: 'push', clearOnDefault: true })
)
const selectedSecretToEdit = useMemo(
() => customSecrets.find((secret) => secret.name === selectedIdToEdit),
[customSecrets, selectedIdToEdit]
)
const [selectedIdToDelete, setSelectedIdToDelete] = useQueryState(
'delete',
parseAsString.withOptions({ history: 'push', clearOnDefault: true })
)
const selectedSecretToDelete = useMemo(
() => customSecrets.find((secret) => secret.name === selectedIdToDelete),
[customSecrets, selectedIdToDelete]
)
const {
mutate: deleteSecret,
isPending: isDeleting,
isSuccess: isSuccessDelete,
} = useSecretsDeleteMutation({
onSuccess: (_, variables) => {
toast.success(`Successfully deleted secret “${variables.secrets[0]}`)
setSelectedIdToDelete(null)
},
})
const filteredCustomSecrets = useMemo(() => {
if (searchString.length === 0) return customSecrets
const search = searchString.toLowerCase()
return customSecrets.filter((secret) => secret.name.toLowerCase().includes(search))
}, [customSecrets, searchString])
const headers = [
<TableHead key="secret-name">Name</TableHead>,
<TableHead key="secret-value" className="flex items-center gap-x-2">
Digest <Badge variant="default">SHA256</Badge>
</TableHead>,
<TableHead key="secret-updated-at">Updated</TableHead>,
<TableHead key="actions" />,
]
const showLoadingState = isLoadingSecretsPermissions || (canReadSecrets && isLoading)
useEffect(() => {
if (!!selectedIdToEdit && isSuccess && !selectedSecretToEdit) {
toast(`Secret ${selectedIdToEdit} cannot be found`)
setSelectedIdToEdit(null)
}
}, [isSuccess, selectedIdToEdit, selectedSecretToEdit, setSelectedIdToEdit])
useEffect(() => {
if (!!selectedIdToDelete && isSuccess && !selectedSecretToDelete && !isSuccessDelete) {
toast(`Secret ${selectedIdToDelete} cannot be found`)
setSelectedIdToDelete(null)
}
}, [
isSuccess,
isSuccessDelete,
selectedIdToDelete,
selectedSecretToDelete,
setSelectedIdToDelete,
])
return (
<>
{showLoadingState ? (
<GenericSkeletonLoader />
) : !canReadSecrets ? (
<NoPermission resourceText="view this project's edge function secrets" />
) : (
<>
{isError && <AlertError error={error} subject="Failed to retrieve project secrets" />}
{isSuccess && (
<div className="space-y-10">
{canUpdateSecrets ? (
<AddNewSecretForm />
) : (
<NoPermission resourceText="manage this project's edge function secrets" />
)}
<section className="space-y-4">
<div className="flex flex-col md:flex-row md:items-center justify-between gap-2">
<div className="space-y-1">
<h3 className="text-foreground text-base">Custom secrets</h3>
<p className="text-sm text-foreground-light">
Secrets you have defined for this project
</p>
</div>
<Input
size="small"
className="w-full md:w-80"
placeholder="Search for a secret"
value={searchString}
onChange={(e) => setSearchString(e.target.value)}
icon={<Search />}
/>
</div>
<Card>
<Table>
<TableHeader>
<TableRow>{headers}</TableRow>
</TableHeader>
<TableBody>
{filteredCustomSecrets.length > 0 ? (
filteredCustomSecrets.map((secret) => (
<EdgeFunctionSecret
key={secret.name}
secret={secret}
onSelectEdit={() => setSelectedIdToEdit(secret.name)}
onSelectDelete={() => setSelectedIdToDelete(secret.name)}
/>
))
) : customSecrets.length === 0 ? (
<TableRow className="[&>td]:hover:bg-inherit">
<TableCell colSpan={headers.length}>
<p className="text-sm text-foreground">No custom secrets created</p>
<p className="text-sm text-foreground-lighter">
This project has no custom secrets yet.
</p>
</TableCell>
</TableRow>
) : (
<TableRow className="[&>td]:hover:bg-inherit">
<TableCell colSpan={headers.length}>
<p className="text-sm text-foreground">No results found</p>
<p className="text-sm text-foreground-light">
Your search for "{searchString}" did not return any results
</p>
</TableCell>
</TableRow>
)}
</TableBody>
</Table>
</Card>
</section>
<section className="space-y-4">
<div className="flex flex-col md:flex-row md:items-center justify-between gap-2">
<div className="space-y-1">
<h3 className="text-foreground text-base">Default secrets</h3>
<p className="text-sm text-foreground-light">
Reserved secrets available in every project
</p>
</div>
<DocsButton href={`${DOCS_URL}/guides/functions/secrets#default-secrets`} />
</div>
<DefaultEdgeFunctionSecrets secrets={visibleDefaultSecrets} />
</section>
</div>
)}
</>
)}
<EditSecretSheet
secret={selectedSecretToEdit}
visible={!!selectedSecretToEdit}
onClose={() => setSelectedIdToEdit(null)}
/>
<ConfirmationModal
variant="destructive"
loading={isDeleting}
visible={!!selectedSecretToDelete}
confirmLabel="Delete secret"
confirmLabelLoading="Deleting secret"
title={`Delete secret “${selectedSecretToDelete?.name}`}
onCancel={() => setSelectedIdToDelete(null)}
onConfirm={() => {
if (selectedSecretToDelete) {
deleteSecret({ projectRef, secrets: [selectedSecretToDelete.name] })
}
}}
>
<p className="text-sm">
Ensure none of your edge functions are actively using this secret before deleting it. This
action cannot be undone.
</p>
</ConfirmationModal>
</>
)
}
Reference in New Issue View Git Blame Copy Permalink