The Supabase MCP server connects your AI assistant to your Supabase project so it can manage tables, run SQL queries, handle auth configuration, manage storage buckets, and deploy edge functions — all through natural language. It goes beyond basic database access by integrating with Supabase's full platform including Row Level Security policies, TypeScript type generation, and real-time subscriptions setup.
Manage Your Entire Supabase Project from Your AI Chat
The @supabase/mcp-server-supabase is the official MCP server from Supabase. Unlike the generic PostgreSQL MCP server that only provides database access, this server integrates with the full Supabase platform. It can create and modify tables, set up Row Level Security policies, manage auth providers, handle storage buckets, deploy edge functions, and generate TypeScript types — all through your AI assistant. This makes it the ideal companion for any Supabase-powered project, whether you are building with Lovable, Cursor, or plain code.
Prerequisites
- A Supabase account with an existing project (or permission to create one)
- Your Supabase project URL and service role key from the Dashboard
- Node.js 18 or later installed on your machine
- Claude Desktop, Cursor, or another MCP-compatible AI host
Step-by-step guide
Find your Supabase project credentials
Find your Supabase project credentials
Log into supabase.com and open your project. Go to Settings > API to find your project URL and API keys. You need two values: the Project URL (looks like https://abcdefgh.supabase.co) and the service_role key (a long JWT starting with eyJ). The service_role key bypasses Row Level Security and should only be used in server-side contexts. The anon key is not sufficient for the MCP server as it needs admin access to manage schemas and policies.
1You'll need:21. Project URL: https://your-project-ref.supabase.co32. Service Role Key: eyJhbGciOiJIUzI1NiIs... (from Settings > API)Expected result: You have your Supabase project URL and service_role key copied and ready.
Add the Supabase MCP server to your configuration
Add the Supabase MCP server to your configuration
Open your MCP host's configuration file and add a supabase entry. The server requires two environment variables: SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY. These are passed in the env object of the configuration. The command uses npx with the -y flag to auto-install the package.
1{2 "mcpServers": {3 "supabase": {4 "command": "npx",5 "args": [6 "-y",7 "@supabase/mcp-server-supabase"8 ],9 "env": {10 "SUPABASE_URL": "https://your-project-ref.supabase.co",11 "SUPABASE_SERVICE_ROLE_KEY": "eyJhbGciOiJIUzI1NiIs..."12 }13 }14 }15}Expected result: Your configuration file contains the Supabase MCP server entry with your project credentials.
Restart your AI host and verify the connection
Restart your AI host and verify the connection
Fully quit and reopen Claude Desktop, Cursor, or VS Code. The Supabase MCP server will start and authenticate with your project. Once connected, its tools will appear in the available tools list. In Claude Desktop, click the hammer icon to see all Supabase operations available.
Expected result: The Supabase MCP server shows as connected with tools for database, auth, storage, and edge functions.
Explore and manage your database schema
Explore and manage your database schema
Ask the AI to list your tables, describe schemas, or create new tables. The Supabase MCP server can execute DDL statements (CREATE TABLE, ALTER TABLE) as well as queries. It can also set up Row Level Security policies, which is critical for any Supabase project exposed to client-side access.
1Example prompts:23"List all tables in my Supabase database and their row counts"45"Create a new table called 'bookmarks' with columns: id (uuid, primary key), user_id (uuid, references auth.users), url (text), title (text), created_at (timestamptz)"67"Add a Row Level Security policy on the bookmarks table so users can only read and write their own bookmarks"Expected result: The AI creates or modifies tables and RLS policies in your Supabase project.
Manage auth, storage, and edge functions
Manage auth, storage, and edge functions
Beyond the database, the Supabase MCP server can help configure authentication providers, manage storage buckets and policies, and work with edge functions. Ask the AI to set up OAuth providers, create storage buckets with proper access rules, or help write and deploy edge functions.
1Example prompts:23"Show me the current auth configuration and list all enabled providers"45"Create a storage bucket called 'avatars' with a 5MB file size limit and a policy allowing authenticated users to upload to their own folder"67"Generate TypeScript types from my current database schema"Expected result: The AI manages auth settings, storage buckets, and edge functions through the Supabase API.
Configure for VS Code with the servers key
Configure for VS Code with the servers key
For VS Code with GitHub Copilot, use the servers key instead of mcpServers. Create a .vscode/mcp.json file in your workspace root. The command, args, and env values remain the same.
1{2 "servers": {3 "supabase": {4 "command": "npx",5 "args": [6 "-y",7 "@supabase/mcp-server-supabase"8 ],9 "env": {10 "SUPABASE_URL": "https://your-project-ref.supabase.co",11 "SUPABASE_SERVICE_ROLE_KEY": "eyJhbGciOiJIUzI1NiIs..."12 }13 }14 }15}Expected result: VS Code recognizes the Supabase MCP server and Copilot can manage your Supabase project.
Complete working example
1{2 "mcpServers": {3 "supabase": {4 "command": "npx",5 "args": [6 "-y",7 "@supabase/mcp-server-supabase"8 ],9 "env": {10 "SUPABASE_URL": "https://your-project-ref.supabase.co",11 "SUPABASE_SERVICE_ROLE_KEY": "eyJhbGciOiJIUzI1NiIs..."12 }13 }14 }15}1617// VS Code variant (.vscode/mcp.json):18// {19// "servers": {20// "supabase": {21// "command": "npx",22// "args": ["-y", "@supabase/mcp-server-supabase"],23// "env": {24// "SUPABASE_URL": "https://your-project-ref.supabase.co",25// "SUPABASE_SERVICE_ROLE_KEY": "eyJhbGciOiJIUzI1NiIs..."26// }27// }28// }29// }3031// Key capabilities:32// - Database: create/alter tables, run SQL, manage indexes33// - RLS: create/modify Row Level Security policies34// - Auth: configure providers, manage users35// - Storage: create buckets, set policies, manage files36// - Edge Functions: list, create, deploy Deno functions37// - Types: generate TypeScript types from schema38// - Migrations: create and manage database migrations3940// Find your credentials:41// Supabase Dashboard > Settings > API42// Project URL: https://abcdefgh.supabase.co43// service_role key: eyJhbGciOiJIUzI1NiIs...Common mistakes when using the Supabase MCP server
Why it's a problem: Using the anon key instead of the service_role key
How to avoid: The anon key is subject to RLS policies and has limited permissions. The Supabase MCP server needs the service_role key to manage schemas, policies, and platform features. Find it in Settings > API in your Supabase Dashboard.
Why it's a problem: Using the generic PostgreSQL MCP server instead of the Supabase-specific one
How to avoid: The generic @modelcontextprotocol/server-postgres only provides SQL query access. The @supabase/mcp-server-supabase integrates with auth, storage, edge functions, RLS management, and type generation. Use the Supabase-specific server for Supabase projects.
Why it's a problem: Forgetting to enable RLS on newly created tables
How to avoid: Tables created through the MCP server do not have RLS enabled by default. Always ask the AI to enable RLS and create appropriate policies after creating a new table, especially if the table will be accessed from client-side code.
Why it's a problem: Committing the service_role key to version control
How to avoid: The service_role key has full admin access and bypasses all RLS. Add your MCP config file to .gitignore immediately. If the key is compromised, rotate it in Supabase Dashboard > Settings > API.
Best practices
- Always enable RLS and create policies when the AI creates new tables
- Use the Supabase MCP server instead of the generic Postgres server for Supabase projects
- Ask the AI to generate TypeScript types after schema changes to keep your code in sync
- Review RLS policies the AI creates to ensure they match your security requirements
- Keep your service_role key out of version control and shared configurations
- Use the AI to audit existing RLS policies for security gaps
- Combine with the filesystem MCP server so the AI can update your frontend code after schema changes
- Test in a development project before connecting to production
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I have a Supabase project and want to set up the official Supabase MCP server so my AI assistant can manage my database, auth, and storage. Walk me through finding my credentials, configuring the server in Claude Desktop, and testing it.
List all tables in my Supabase database, then create a new 'comments' table with id, user_id (references auth.users), post_id, body, and created_at columns. Enable RLS and add policies so users can read all comments but only create and delete their own.
Frequently asked questions
What is the difference between the Supabase MCP server and the PostgreSQL MCP server?
The PostgreSQL MCP server provides read-only SQL query access to any Postgres database. The Supabase MCP server is a superset — it includes SQL access plus Supabase-specific features like auth management, storage buckets, edge functions, RLS policy management, and TypeScript type generation.
Can the AI accidentally break my production database?
The service_role key gives full admin access, so yes, the AI could potentially modify or delete data. Always use a development project for experimentation. In Claude Desktop, you get an approval dialog before each action. For production projects, consider connecting with a more restricted role.
Does this work with Supabase Local Development?
Yes. If you are running Supabase locally with supabase start, use your local project URL (usually http://localhost:54321) and the local service_role key printed by the CLI. This is the safest way to experiment.
Can I connect to multiple Supabase projects?
Yes. Add multiple entries in your mcpServers config with different names like supabase-dev and supabase-prod, each with its own URL and service_role key. Then tell the AI which project to use in your prompts.
Is this compatible with Lovable's built-in Supabase integration?
They serve different purposes. Lovable's built-in integration manages Supabase through the Lovable editor. The MCP server connects your local AI assistant (Claude Desktop, Cursor) to Supabase directly. You can use both — Lovable for browser-based development and the MCP server for local AI-assisted work.
Can RapidDev help me set up a Supabase project with proper MCP integration?
Yes. RapidDev specializes in helping teams architect Supabase backends with proper RLS policies, edge functions, and AI tool integration. If you need help designing your database schema, security model, or MCP workflow, RapidDev can accelerate the process.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation