
Part 5 — Vault, and the afternoon I deleted everything
Part 5 of 7 — Self-hosting Supabase: a learning journey

I want to tell you about the afternoon I replaced all my Supabase secrets with the word change_me. My Postgres password: change_me. My JWT secret: change_me. My service role key: change_me. Everything.

The services started. The health checks passed (Traefik only checks HTTP status codes). Then every API call started failing with authentication errors. I SSH'd in, checked the running environment, and saw it immediately. One wrong command had replaced the entire secret store with a single key-value pair.

The good news is that HashiCorp Vault keeps a full version history. I recovered everything from version 7 of my secret. But it was a stressful 20 minutes, and I will explain exactly how to avoid making this mistake.

Why bother with Vault

The alternative to Vault is keeping secrets in .env files on the server. This works, but it has problems. The obvious one: if you ever commit a .env file to git by mistake, your credentials are in ver
Continue reading on Dev.to




