0
0
Supabasecloud~20 mins

Environment variables and secrets in Supabase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Supabase Secrets Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does Supabase handle environment variables in serverless functions?

Supabase allows you to set environment variables for your serverless functions. What happens if you try to access an environment variable that is not set?

AThe function returns undefined or null for the missing variable.
BThe function throws a runtime error and stops execution.
CThe function returns an empty string for the missing variable.
DThe function uses a default value defined in the Supabase dashboard.
Attempts:
2 left
💡 Hint

Think about how environment variables behave in Node.js when not set.

security
intermediate
2:00remaining
What is the safest way to store API keys in Supabase projects?

You want to use a third-party API key in your Supabase project. Which method ensures the key is kept secret and not exposed to users?

ASave the API key in a public table in the Supabase database.
BHardcode the API key directly in the client-side JavaScript code.
CStore the API key in Supabase environment variables and access it only in serverless functions.
DInclude the API key in the URL query parameters of client requests.
Attempts:
2 left
💡 Hint

Consider where client-side code can be seen by users.

Configuration
advanced
2:00remaining
What is the correct way to access a secret environment variable in a Supabase Edge Function?

Given you have set an environment variable named MY_SECRET in your Supabase project, how do you access it inside an Edge Function?

Supabase
export default async function handler(req) {
  // Access the secret here
  const secret = Deno.env.get('MY_SECRET');
  return new Response(secret);
}
Aconst secret = window.env.MY_SECRET;
Bconst secret = Deno.env.get('MY_SECRET');
Cconst secret = supabase.env.MY_SECRET;
Dconst secret = process.env.MY_SECRET;
Attempts:
2 left
💡 Hint

Supabase Edge Functions run on Deno runtime, not Node.js.

Architecture
advanced
2:00remaining
How should you architect a Supabase project to securely use multiple environment variables for different deployment stages?

You have development, staging, and production environments. How do you manage environment variables securely and efficiently across these stages in Supabase?

ACreate separate Supabase projects for each stage, each with its own environment variables.
BUse the same environment variables for all stages and rely on code to switch behavior.
CStore all variables in one project and prefix variable names with the stage name.
DKeep environment variables in a shared public database table with stage tags.
Attempts:
2 left
💡 Hint

Think about isolation and risk of leaking secrets between stages.

Best Practice
expert
3:00remaining
What is the recommended practice to rotate secrets stored as environment variables in Supabase without downtime?

You need to update a secret API key stored in Supabase environment variables used by Edge Functions. How do you rotate the secret safely without causing downtime or errors?

AStore both old and new secrets in the same variable separated by a comma and parse them in code.
BDelete the old secret variable first, then add the new one and redeploy functions.
CUpdate the environment variable directly and redeploy all functions immediately.
DDeploy new functions that read the new secret variable while old functions still use the old one, then switch traffic gradually.
Attempts:
2 left
💡 Hint

Consider how to avoid breaking running functions during secret updates.