Supabase Cloud to self-hosted migration trap check
Paste redacted migration notes and check whether auth users, JWT/session behavior, Storage objects, Docker secrets, backup/PITR replacement, restore version drift, Data API grants, or rollback evidence are missing before traffic moves to your self-hosted Supabase stack.
1
Database restore is not the whole migrationSupabase's restore guide excludes Storage object transfer and Edge Function redeploy from the database restore path.
2
Auth can preserve users but not every sessionUser rows can move, but JWT secrets, OAuth redirects, and re-authentication behavior need launch evidence.
3
Managed backups do not come with youSelf-hosted Supabase makes backup, PITR, restore drills, retention, and disaster recovery your responsibility before the switch.
This page runs locally in the browser. Paste only redacted notes. Do not paste database URLs, passwords, JWT secrets, service-role keys, customer rows, private screenshots, payment data, full names, private handles, or private account records.
Ready.
Want a 24h second pass on this migration packet?
If the checker finds launch-critical gaps, the fixed-scope Supabase report reviews one redacted migration packet: restore notes, auth/session plan, Storage plan, backup/PITR replacement, grant/RLS evidence, and cutover rollback.
Migration review packet
What this checks
- Restore plan: separate roles, schema, and data dump files, restore dry-run evidence, and version mismatch notes.
- Auth plan: preserved users, invalidated sessions, JWT secret decision, OAuth redirect changes, and first-login smoke tests.
- Storage plan: object transfer, bucket settings, public URL rewrite, upload/overwrite/download behavior, and CDN/cache cleanup.
- Backup/PITR plan: replacement for platform managed backups, base backup or dump schedule, WAL/PITR decision, restore drill, retention, owner, and alerts.
- Runtime plan: Docker secrets, generated API keys, SMTP, API external URL, site URL, reverse proxy, TLS, and monitoring.
- Launch plan: explicit Data API grants, RLS, RPC/function reachability, role matrix, DNS cutover, monitoring, and rollback.
Source-backed problem set
Restore from platform
Database restore scope, dump flow, included objects, excluded Storage and Edge Function work, auth/session notes, and version mismatch traps.
Self-hosting Docker
Docker requirements, production secret generation, service configuration, and self-hosted runtime setup.
Self-hosting responsibilities
Platform-only managed backups and PITR are unavailable in self-hosted configuration; backups and disaster recovery become your responsibility.
Postgres PITR
Point-in-time recovery needs a base backup plus a continuous sequence of archived WAL files, not only a logical dump.
Auth user migration
Auth users and hashed passwords can migrate, but JWT secret decisions affect existing token validity.
Data API grants rollout
New public-schema tables need explicit grants as Supabase rolls out the Data API grants change in 2026.