Spaces:
Running
Running
| -- FINAL REMEDIATION: Bypassing the pgvault permission bottleneck | |
| -- This creates a private internal configuration store that is accessible to triggers | |
| -- but maintains a higher degree of security than hardcoding. | |
| create schema if not exists internal_config; | |
| create table if not exists internal_config.secrets ( | |
| name text primary key, | |
| value text not null, | |
| updated_at timestamptz default now() | |
| ); | |
| -- Sync the Service Role Key | |
| insert into internal_config.secrets (name, value) | |
| values ('SUPABASE_SERVICE_ROLE_KEY', 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFlanVlbmhxY2lhZ3BudGNxb2lyIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc3MjM4NDA3OCwiZXhwIjoyMDg3OTYwMDc4fQ.b3tZ_yad4WPQi4oSqGp1ksr_zw-ldByLqZWvT7HX5aQ') | |
| on conflict (name) do update set value = excluded.value, updated_at = now(); | |
| -- Ensure only the database owner can see this | |
| revoke all on internal_config.secrets from public; | |
| grant select on internal_config.secrets to postgres, service_role; | |