Safely recovers write-only environment variables from Supabase by deploying a temporary edge function. Use when the user needs to recover lost secrets from a Supabase project.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Safely recovers write-only environment variables from Supabase by deploying a temporary edge function. Use when the user needs to recover lost secrets from a Supabase project.
Recovering Supabase Environment Variables
When to use this skill
User needs to see values of "write-only" environment variables in Supabase.
User has lost local copies of secrets and needs to recover them from the running project.
User asks to "audit" or "check" the current environment variables in Supabase.
Workflow
Context Gathering:
Ask the user for the list of environment variable names (keys) they need to recover. (e.g., SMTP_PASSWORD, STRIPE_SECRET_KEY).
Ask for the path to their local Supabase project (to run supabase functions deploy).
Check if they are logged in to Supabase CLI (supabase projects list).
Preparation:
Generate a random High-Entropy Secret Key (e.g., a UUID or long random string) to secure the function.
Read the template from resources/recover_secrets.ts.
Replace // INSERT_TARGET_VARS_HERE with the JSON-formatted list of keys the user requested.
Replace // INSERT_GENERATED_SECRET_HERE with the generated secret key.
Save this file to a temporary location in the user's project, e.g., ./supabase/functions/temp_recovery_func/index.ts.
Deployment:
Run supabase functions deploy temp_recovery_func --no-verify-jwt.
Ensure the function is deployed successfully.
Execution (Recovery):
Invoke the function using curl or a script, passing the secret key in the x-recovery-secret header.
CRITICAL: Do not print the output to the terminal history if possible, or advise the user to clear it. However, since the goal is recovery, displaying it in the response (markdown block) is usually what the user wants.
Cleanup:
IMMEDIATELY run supabase functions delete temp_recovery_func to remove the exposed endpoint.
Delete the local file ./supabase/functions/temp_recovery_func/index.ts.
Remove the parent folder ./supabase/functions/temp_recovery_func if empty.
Instructions
Safety First: Verify that the user definitely wants to deploy a live endpoint.
Minimization: Only fetch the variables explicitly requested.
Ephemeral: The function must exist for the shortest time possible.
No Logs: The Deno function logic explicitly avoids console.log(secrets). Ensure your AI-generated code continues to respect this.