Skip to content

feat(cli): port gen signing-key #5501

Merged
Coly010 merged 4 commits into
supabase:developfrom
7ttp:feat/signing-key
Jun 8, 2026
Merged

feat(cli): port gen signing-key #5501
Coly010 merged 4 commits into
supabase:developfrom
7ttp:feat/signing-key

Conversation

@7ttp

@7ttp 7ttp commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

TL;DR

ports supabase gen signing-key to ts

whats introduced

This adds a native ts implementation for supabase gen signing-key

preserves the existing behavior for --algorithm and --append,
generates JWK signing keys, loads auth.signing_keys_path from supabase/config.toml,
resolves the configured path the same way as go did, handles overwrite vs append flows,
writes the signing keys file directly, keeps the existing stdout/stderr split so the generated key stays shell friendly

also added integration coverage...

ref:

closes CLI-1311

@7ttp 7ttp requested a review from a team as a code owner June 7, 2026 16:12
@7ttp 7ttp changed the base branch from main to develop June 7, 2026 16:20
@7ttp 7ttp force-pushed the feat/signing-key branch from c626789 to 540d8d8 Compare June 7, 2026 16:46
@7ttp 7ttp force-pushed the feat/signing-key branch from 6fa903c to 82e1b7a Compare June 7, 2026 17:11
@7ttp 7ttp self-assigned this Jun 7, 2026
7ttp and others added 3 commits June 8, 2026 05:38
@7ttp
nitpick
afe940a
@Coly010
refactor(cli): address review feedback on gen signing-key
bb9813b 
- Display the project-relative config path (Go's utils.ConfigPath) in the
  setup hint instead of the resolved absolute path.
- Load and validate the signing-keys config before generating a key, matching
  Go's fail-fast order (no throwaway crypto on a broken config).
- Drop the textOutputLayer bypass in confirmOverwrite; a json/stream-json
  NonInteractiveError now cleanly cancels the overwrite via orElseSucceed,
  preserving the CLI-1546 stdout-payload contract.
- Pass '--' to 'git check-ignore' so a path beginning with '-' is never parsed
  as a flag.
- Use Effect.fnUntraced for internal helpers; inline the vacuous
  isStoredSigningKeyJwk guard.
- Tests: mock ChildProcessSpawner for the gitignore branch instead of spawning
  real git; merge setup/setupTracked; add RS256 JWK-field, malformed-config,
  non-array key file, and absolute signing_keys_path coverage.
@Coly010
Merge branch 'develop' into feat/signing-key
30ad94b
@Coly010 Coly010 merged commit dc2ba5d into supabase:develop Jun 8, 2026
19 checks passed
@7ttp 7ttp deleted the feat/signing-key branch June 8, 2026 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Coly010 Coly010 Coly010 approved these changes

Assignees

@7ttp 7ttp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@7ttp @Coly010