# Supabase MCP Server — Postgres + Admin Tools (API Key Gate)

> Supabase MCP Server connects MCP clients to Supabase Postgres and admin APIs, using env-based config and an API key gate to reduce unsafe default exposure.

## Install

Merge the JSON below into your `.mcp.json`:

## Quick Use

1. Install:
   ```bash
   pipx install supabase-mcp-server
   # or
   uv pip install supabase-mcp-server
   ```
2. Find the full executable path (Claude Desktop needs it):
   ```bash
   which supabase-mcp-server
   ```
3. Add to `claude_desktop_config.json`:
   ```json
   {
     "mcpServers": {
       "supabase": {
         "command": "/full/path/to/supabase-mcp-server",
         "env": {
           "QUERY_API_KEY": "your-api-key",
           "SUPABASE_PROJECT_REF": "your-project-ref",
           "SUPABASE_DB_PASSWORD": "your-db-password",
           "SUPABASE_REGION": "us-east-1"
         }
       }
     }
   }
   ```

## Intro

Supabase MCP Server connects MCP clients to Supabase Postgres and admin APIs, using env-based config and an API key gate to reduce unsafe default exposure.

- **Best for:** Supabase teams that want agent access to database + management APIs with explicit configuration and safer defaults
- **Works with:** Supabase project ref + DB password, optional management/auth keys, MCP clients (Cursor/Windsurf/Cline/Claude Desktop)
- **Setup time:** 15-35 minutes

## Practical Notes

- Quant: the README notes an API-key requirement (from thequery.dev), which acts as a gate against accidental public exposure.
- Quant: Claude Desktop requires an absolute binary path—treat that as a deployment checklist item to avoid spawn errors.

## Why it matters

Supabase projects often blend DB access and admin operations (auth, management). This server is useful when you want that capability behind an MCP boundary and explicit configuration.

- Supports multiple MCP clients and provides concrete per-client setup instructions.
- Environment-variable config is explicit, which makes it easier to audit what the agent can touch.
- The docs highlight common path/config pitfalls, which reduces onboarding time.

## Rollout pattern

- Start with database read-only tasks (schema + queries) before enabling management or auth-admin capabilities.
- Separate environments: local dev uses local ref; production uses project ref with least-privilege keys.
- Record which tools are used in the first 10 sessions and tighten configuration based on observed needs.

## Watchouts

Any server that can touch auth/admin APIs is high-impact. Keep keys scoped, avoid running on shared machines, and add audit logging before you allow write operations.

### FAQ

**Q: Do I have to use pipx?**
A: No. The README shows uv and source installs too, but pipx is the recommended isolated install path.

**Q: Why does Claude Desktop need the full path?**
A: Claude Desktop spawns processes from a config file and often can’t resolve PATH the same way as your shell.

**Q: What should I enable first?**
A: Start with schema exploration and simple SELECT queries; add management API access only if you truly need it.

## Source & Thanks

> Source: https://github.com/alexander-zuev/supabase-mcp-server
> License: Apache-2.0
> GitHub stars: 820 · forks: 105

---

<!-- ZH -->

## 快速使用

1. 安装：
   ```bash
   pipx install supabase-mcp-server
   # 或
   uv pip install supabase-mcp-server
   ```
2. 找到可执行文件的绝对路径（Claude Desktop 需要）：
   ```bash
   which supabase-mcp-server
   ```
3. 写入 `claude_desktop_config.json`：
   ```json
   {
     "mcpServers": {
       "supabase": {
         "command": "/full/path/to/supabase-mcp-server",
         "env": {
           "QUERY_API_KEY": "your-api-key",
           "SUPABASE_PROJECT_REF": "your-project-ref",
           "SUPABASE_DB_PASSWORD": "your-db-password",
           "SUPABASE_REGION": "us-east-1"
         }
       }
     }
   }
   ```

## 简介

Supabase MCP Server 让 MCP 客户端连接 Supabase Postgres 与管理 API，并通过环境变量配置与 API Key 闸门降低默认暴露风险，适合把“查库 + 管理”变成可控的 Agent 工具集。

- **适合谁：** Supabase 团队：希望 Agent 能查库也能做管理，但需要明确配置与更安全默认值
- **可搭配：** Supabase project ref + DB 密码，可选管理/Auth key，MCP 客户端（Cursor/Windsurf/Cline/Claude Desktop）
- **准备时间：** 15-35 分钟

## 实战建议

- 量化信息：README 提到需要 API key（thequery.dev），可作为避免默认暴露的闸门。
- 量化信息：Claude Desktop 必须用绝对路径；把它写进部署清单，避免 spawn ENOENT。

## 为什么值得收录

Supabase 往往同时涉及查库与管理动作（Auth/Management）。这个 MCP server 的价值在于把这些能力放进明确配置的边界里，便于审计与收敛。

- 覆盖多客户端并给出具体配置指南，落地更快。
- env 配置清晰，便于审计 Agent 能访问哪些能力。
- 主动提示常见路径/配置坑，降低新手接入成本。

## 落地路径

- 先做只读任务（schema/查询），再逐步开启管理或 auth-admin 能力。
- 环境隔离：本地用 local ref；生产用 project ref + 最小权限 key。
- 记录前 10 次会话用到的工具，再按实际需求收紧配置。

## 注意事项

能触达 auth/admin API 的服务影响很大：务必最小权限、避免共享机器运行，并在开放写操作前加审计日志。

### FAQ

**一定要用 pipx 吗？**
答：不一定。README 也支持 uv/源码安装，但 pipx 更推荐，因为环境隔离更好。

**为什么 Claude Desktop 必须写绝对路径？**
答：Claude Desktop 通过配置文件拉起子进程，PATH 解析常与终端不一致。

**先开启什么能力最稳？**
答：先从 schema 与 SELECT 查询开始；只有确实需要时再开放管理 API。

## 来源与感谢

> Source: https://github.com/alexander-zuev/supabase-mcp-server
> License: Apache-2.0
> GitHub stars: 820 · forks: 105


---
Source: https://tokrepo.com/en/workflows/supabase-mcp-server-postgres-admin-tools-api-key-gate
Author: MCP Hub