Fix private spaces docs: salt parameter and private bucket access
- Updated stringToCipherKey to show identity-specific salt parameter
instead of hardcoded "salt" string, with usage example
- Fixed Load Homebase section to use createSignedUrl() or download()
instead of getPublicUrl() which doesn't work for private buckets
Co-Authored-By: Claude Opus 4.5 <[email protected]>
identity.rootKeys.salt// 32-byte random nonce from identity
108
+
);
103
109
```
104
110
111
+
The `identitySalt` comes from the identity's `rootKeys.salt` field - a 32-byte random nonce generated when the identity is created. This ensures each identity derives unique encryption keys even if private keys were somehow similar.
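Review bot: the sentence added at new line 111 justifies the salt with "even if private keys were somehow similar", which does not say what the salt actually guarantees, and the comment at the call site calls the same value a "nonce", which suggests something fresh per use. Suggest stating that `rootKeys.salt` is generated once at identity creation and has to be stored and passed unchanged on every derivation, since a different salt would be expected to produce a different cipher key and leave existing data undecryptable. It would also help to say whether the salt is treated as a secret or as public per-identity metadata.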
Private buckets require authenticated access. Use one of these methods:
225
+
226
+
**Option 1: Time-limited signed URL**
227
+
```typescript
228
+
// Creates a temporary URL valid for the specified duration
229
+
const { data, error } =awaitsupabase.storage
230
+
.from("private")
231
+
.createSignedUrl("{identityKey}/homebase", 60); // expires in 60 seconds
232
+
233
+
const response =awaitfetch(data.signedUrl);
216
234
```
217
-
GET Supabase.storage.from("private").getPublicUrl("{identityKey}/homebase")
235
+
236
+
**Option 2: Authenticated download (requires user JWT)**
237
+
```typescript
238
+
// Direct download with authenticated client
239
+
const { data, error } =awaitsupabase.storage
240
+
.from("private")
241
+
.download("{identityKey}/homebase");
218
242
```
219
243
244
+
Note: `getPublicUrl()` does not work for private buckets - it only generates URLs for public buckets. Always use `createSignedUrl()` for time-limited access or `download()` with an authenticated Supabase client.
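Review bot: the Option 1 example (new lines 229-233) destructures `error` but never checks it before `fetch(data.signedUrl)`; when the call fails `data` is null, so the documented snippet throws a TypeError instead of surfacing the storage error, and the Option 2 example ignores `error` in the same way. Suggest adding `if (error) throw error;` before `data` is used in both snippets. Two smaller points: `"{identityKey}/homebase"` is a plain string literal, so a reader who copies it will request a literal `{identityKey}` path unless the text says it is a placeholder or the example uses a template literal; and because the signed URL grants read access to anyone holding it until it expires, the note at line 244 could say not to log or persist it.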