Supabase Cloud to self-hosted migration trap check

Paste redacted migration notes and check whether auth users, JWT/session behavior, Storage objects, Docker secrets, restore version drift, Data API grants, or rollback evidence are missing before traffic moves to your self-hosted Supabase stack.

Review migration notes See fixed-scope report

Database restore is not the whole migrationSupabase's restore guide excludes Storage object transfer and Edge Function redeploy from the database restore path.

Auth can preserve users but not every sessionUser rows can move, but JWT secrets, OAuth redirects, and re-authentication behavior need launch evidence.

Self-hosted defaults are production-sensitiveDocker secrets, API keys, SMTP, URLs, reverse proxy, and version mismatch notes need review before the switch.

Project label

Migration context

Redacted migration notes Evidence already captured

roles.sql, schema.sql, and data.sql restore plan captured auth.users, JWT/session, OAuth redirect, and first-login behavior captured Storage buckets, object transfer, URL rewrite, and upload smoke tests captured self-hosted Docker secrets, API keys, SMTP, and external URLs regenerated Data API grants, RLS, RPC, and role-matrix tests captured rollback, DNS cutover, backup, and post-cutover monitoring captured

This page runs locally in the browser. Paste only redacted notes. Do not paste database URLs, passwords, JWT secrets, service-role keys, customer rows, private screenshots, payment data, full names, private handles, or private account records.

Ready.

Want a 24h second pass on this migration packet?

If the checker finds launch-critical gaps, the fixed-scope Supabase report reviews one redacted migration packet: restore notes, auth/session plan, Storage plan, grant/RLS evidence, and cutover rollback.

Check paid report scope Read self-hosted sample

Migration review packet

What this checks

Restore plan: separate roles, schema, and data dump files, restore dry-run evidence, and version mismatch notes.
Auth plan: preserved users, invalidated sessions, JWT secret decision, OAuth redirect changes, and first-login smoke tests.
Storage plan: object transfer, bucket settings, public URL rewrite, upload/overwrite/download behavior, and CDN/cache cleanup.
Runtime plan: Docker secrets, generated API keys, SMTP, API external URL, site URL, reverse proxy, TLS, and monitoring.
Launch plan: explicit Data API grants, RLS, RPC/function reachability, role matrix, DNS cutover, backup, and rollback.

Source-backed problem set

Restore from platform Database restore scope, dump flow, included objects, excluded Storage and Edge Function work, auth/session notes, and version mismatch traps. Self-hosting Docker Docker requirements, production secret generation, service configuration, and self-hosted runtime setup. Auth user migration Auth users and hashed passwords can migrate, but JWT secret decisions affect existing token validity. Data API grants rollout New public-schema tables need explicit grants as Supabase rolls out the Data API grants change in 2026.