[pull] master from supabase:master

apps/docs/content/guides/local-development/customizing-email-templates.mdx

@@ -32,13 +32,49 @@ content_path = "./supabase/templates/invite.html"
 
 ## Available email templates
 
-There are several Auth email templates which can be configured:
+There are several Auth email templates which can be configured. Each template serves a specific authentication flow:
 
-- `auth.email.template.invite`
-- `auth.email.template.confirmation`
-- `auth.email.template.recovery`
-- `auth.email.template.magic_link`
-- `auth.email.template.email_change`
+### `auth.email.template.invite`
+
+**Default subject**: "You have been invited"
+**When sent**: When a user is invited to join your application via email invitation
+**Purpose**: Allows administrators to invite users who don't have accounts yet
+**Content**: Contains a link for the invited user to accept the invitation and create their account
+
+### `auth.email.template.confirmation`
+
+**Default subject**: "Confirm Your Signup"
+**When sent**: When a user signs up and needs to verify their email address
+**Purpose**: Email verification for new user registrations
+**Content**: Contains a confirmation link to verify the user's email address
+
+### `auth.email.template.recovery`
+
+**Default subject**: "Reset Your Password"
+**When sent**: When a user requests a password reset
+**Purpose**: Password recovery flow for users who forgot their password
+**Content**: Contains a link to reset the user's password
+
+### `auth.email.template.magic_link`
+
+**Default subject**: "Your Magic Link"
+**When sent**: When a user requests a magic link for passwordless authentication
+**Purpose**: Passwordless login using email links
+**Content**: Contains a secure link that automatically logs the user in when clicked
+
+### `auth.email.template.email_change`
+
+**Default subject**: "Confirm Email Change"
+**When sent**: When a user requests to change their email address
+**Purpose**: Verification for email address changes
+**Content**: Contains a confirmation link to verify the new email address
+
+### `auth.email.template.reauthentication`
+
+**Default subject**: "Confirm Reauthentication"
+**When sent**: When a user needs to re-authenticate for sensitive operations
+**Purpose**: Additional verification for sensitive actions (like changing password, deleting account)
+**Content**: Contains a 6-digit OTP code for verification
 
 ## Template variables
 

apps/docs/content/guides/local-development/managing-config.mdx

@@ -56,3 +56,13 @@ client_id = "env(GITHUB_CLIENT_ID)"
 secret = "env(GITHUB_SECRET)"
 redirect_uri = "" # Overrides the default auth redirectUrl.
 ```
+
+### Going further
+
+For more advanced secrets management workflows, including:
+
+- **Using dotenvx for encrypted secrets**: Learn how to securely manage environment variables across different branches and environments
+- **Branch-specific secrets**: Understand how to manage secrets for different deployment environments
+- **Encrypted configuration values**: Use encrypted values directly in your `config.toml`
+
+See the [Managing secrets for branches](/docs/guides/deployment/branching#managing-secrets-for-branches) section in our branching documentation, or check out the [dotenvx example repository](https://github.com/supabase/supabase/blob/master/examples/slack-clone/nextjs-slack-clone-dotenvx/README.md) for a complete implementation.

apps/docs/spec/cli_v1_config.yaml

@@ -895,14 +895,14 @@ parameters:
       - name: 'Auth Server configuration'
         link: 'https://supabase.com/docs/reference/auth'
 
-  - id: 'auth.email.otp_exp'
-    title: 'auth.email.otp_exp'
+  - id: 'auth.email.otp_expiry'
+    title: 'auth.email.otp_expiry'
     tags: ['auth']
     required: false
-    default: '300'
+    default: '3600'
     description: |
       The expiry time for an OTP code in seconds.
-      Default is 300 seconds (5 minutes).
+      Default is 3600 seconds (1 hour).
     links:
       - name: 'Auth Server configuration'
         link: 'https://supabase.com/docs/reference/auth'