@@ -290,6 +290,55 @@ export default class Coolify {
290290 }
291291 return servers . data [ 0 ] . uuid
292292 }
293+ async updateSecrets ( {
294+ serviceUUID,
295+ postgres_db,
296+ postgres_password,
297+ edgeFunctionSecret,
298+ deployToken,
299+ supabase_url
300+ } : {
301+ serviceUUID : string
302+ postgres_db : string
303+ postgres_password : string
304+ deployToken : string
305+ edgeFunctionSecret : string
306+ supabase_url : string
307+ } ) {
308+ const localPort = 5432
309+ const tunnel = new TCPTunnelClient (
310+ `${ this . supabase_api_url } ${ serviceUUID } ,
311+ localPort ,
312+ deployToken
313+ )
314+ console . log ( `Starting a tunnel to postgres on local port ${ localPort } )
315+ await tunnel . connect ( )
316+ console . log ( 'Tunnel connected' )
317+ const sql = postgres (
318+ `postgres://postgres:${ postgres_password } ${ localPort } ${ postgres_db }
319+ )
320+ const existingEdgeFunctionSecret =
321+ await sql `SELECT id FROM vault.decrypted_secrets where name = 'edge-function-secret'`
322+ const edgeFunctionSecretUUID =
323+ existingEdgeFunctionSecret . length > 0
324+ ? existingEdgeFunctionSecret [ 0 ] . id
325+ : null
326+ const existingSupabaseProjectURLSecret =
327+ await sql `SELECT id FROM vault.decrypted_secrets where name = 'supabase_project_url'`
328+ const supabaseProjectURLSecretUUID =
329+ existingSupabaseProjectURLSecret . length > 0
330+ ? existingSupabaseProjectURLSecret [ 0 ] . id
331+ : null
332+ if ( edgeFunctionSecretUUID ) {
333+ await sql `SELECT vault.update_secret(${ edgeFunctionSecretUUID } ${ edgeFunctionSecret }
334+ }
335+ if ( supabaseProjectURLSecretUUID ) {
336+ await sql `SELECT vault.update_secret(${ supabaseProjectURLSecretUUID } ${ supabase_url }
337+ }
338+ await sql . end ( )
339+ await tunnel . disconnect ( )
340+ console . log ( 'Secrets updated' )
341+ }
293342 private async getSupabaseServiceUUIDOrCreateNewOne ( {
294343 supabaseComponentName,
295344 ephemeral
@@ -374,6 +423,8 @@ export default class Coolify {
374423 value : deploymentKey
375424 }
376425 } )
426+ // Generate a random 64-character edge function secret
427+ const edgeFunctionSecret = randomBytes ( 32 ) . toString ( 'hex' )
377428
378429 await this . createEnvsForService ( {
379430 serviceUUID : backendServiceUUID ,
@@ -402,6 +453,10 @@ export default class Coolify {
402453 {
403454 key : 'AWS_SECRET_ACCESS_KEY' ,
404455 value : process . env . AWS_SECRET_ACCESS_KEY
456+ } ,
457+ {
458+ key : 'EDGE_FUNCTION_SECRET' ,
459+ value : edgeFunctionSecret
405460 }
406461 ]
407462 } )
@@ -453,6 +508,7 @@ export default class Coolify {
453508 const deploymentKey = getServiceEnvOrThrow (
454509 'SERVICE_SUPABASE_FUNCTIONS_DEPLOYMENT_KEY'
455510 )
511+ const edgeFunctionSecret = getServiceEnvOrThrow ( 'EDGE_FUNCTION_SECRET' )
456512
457513 console . log ( `SERVICE_SUPABASE_URL: ${ supabase_url } )
458514 await this . createOrUpdateEnv ( {
@@ -470,6 +526,15 @@ export default class Coolify {
470526 uuid : backendServiceUUID
471527 }
472528 } )
529+ //Update vault secrets
530+ await this . updateSecrets ( {
531+ serviceUUID : backendServiceUUID ,
532+ deployToken : deploymentKey ,
533+ postgres_db,
534+ postgres_password,
535+ edgeFunctionSecret,
536+ supabase_url
537+ } )
473538 }
474539 return {
475540 backendServiceUUID,
0 commit comments