Setting up Supabase
Database, logins, and storage in one free dashboard.
Supabase bundles the whole backend story (database, authentication, file storage) into one dashboard with a generous free tier. Its killer feature for vibe coders is that everything is visible. Your data appears in an actual table view, like a spreadsheet, so “did that save?” is answered by looking, not by writing queries.
- 1
Sign up at supabase.com with your GitHub account.
- 2
Click “New Project” and name it after your app.
- 3
Supabase hands you two values, a project URL and an API key. These are how your app finds and unlocks its database. (Recognize them? That's the Integrations section in action: Supabase is an API too, and those values belong in your
.env.local.) - 4
Hand the wiring to the agent:
Your agentSet up Supabase in this project. Here are my project URL and API key: [paste]. Put them in the env file properly, and create a table for [your data] with a page that reads and writes it.
From here, plain English runs your backend: “create a table for member profiles,” “save form submissions to Supabase,” “show each member their own RSVPs.” The agent translates.
The one safety rule
Before you share any app that stores user data, turn on Row Level Security (RLS): the database rule that says people can only see their own rows. The vibe-coded apps that made headlines in 2025 for leaking strangers' data all skipped this. The insurance costs one prompt:
Enable Row Level Security on every table and write policies so users can only read and write their own data. Then try to access another user's data and prove it fails.Note the second sentence. You're not just asking for the lock, you're asking for proof it's locked. Make the agent show its work on anything security-shaped. That's the habit.
