SupaForge
SUPABASE ENVIRONMENT DIFF & SYNC TOOL

Diff and sync your
Supabase environments.

SupaForge detects differences between two Supabase environments and helps sync them — before they cause incidents. Postgres schema & data mismatches, RLS policy differences, missing Edge Functions, storage, auth and config changes.

What we detect

Every check that can prevent production incidents — all in one place

🗄️
Postgres Schema & Data
Tables, columns, indexes, constraints, views, triggers, functions, sequences out of sync between environments
🔒
RLS Policy Differences
Row Level Security policies changed in dashboard but not committed to code
Edge Functions
Different function versions deployed across dev, staging, and prod
🪣
Storage & Configs
Bucket metadata, policies and settings missing or mismatched between projects
🔑
Auth Settings
OAuth providers, JWT config, MFA, CAPTCHA and 20+ auth settings diverging silently
Cron Jobs
Scheduled jobs disappearing after deployments or differing between envs
📋
Reference Data
Seed tables, lookup data, and feature flags out of sync across environments
🔔
Database Webhooks
pg_net config and supabase_functions.hooks diverging silently
📡
Realtime Publications
Which tables are published for Supabase Realtime — mismatches break live subscriptions
🔐
Vault Secrets
Secret names and descriptions that exist in one environment but not the other
🧩
Postgres Extensions
Detect pgvector, pg_graphql, pg_stat_statements and other extensions missing between envs

How it works

Connect once, stay in sync forever

01
Connect your Projects
Add your Supabase project URLs and service role keys for each environment.
02
Run a Scan
SupaForge queries every check and builds a difference report in seconds.
03
Review & Promote
See exactly what's different, then promote changes from one env to the next.

Security & Trust

We take the security of your database credentials seriously — here's how we protect them

🔐
AES-256-GCM Encryption at Rest
All database credentials and API keys are encrypted server-side with AES-256-GCM before being stored. Plaintext credentials never persist in our database.
🔒
TLS 1.3 Encryption in Transit
All connections between your browser and SupaForge use TLS 1.3 (256-bit). Every request is encrypted end-to-end.
🛡️
Row-Level Security
Every database query is scoped to your authenticated user via Supabase RLS. No user can ever access another user's projects or credentials.
🗑️
Server-Side Only Decryption
Credentials are only decrypted in our server-side worker when running a scan. They are never sent to the browser or exposed via any API response.
🇪🇺
GDPR Compliant
Akal Software Ltd is registered with the UK ICO (Information Commissioner's Office) and complies with European GDPR data protection laws.
🔑
Open Source CLI
The SupaForge CLI is fully open source — scan logic and all check implementations are publicly auditable on GitHub.