How we store your cloud credentials
At Neverinstall, we prioritize the security of our client's data. To ensure the safe storage of all client API and access keys, we utilize 'Supabase Vault'.
Supabase Vault is a secure storage solution designed to store secrets without exposing any sensitive information. It is an ideal storage location for API keys, access tokens, and other secrets from external services that need to be accessed within your database.
We simplify the process of key management by pre-generating a unique, per-database key that is used by default. This key, known as the "root" key, is stored outside of the SQL language and can only be accessed internally in the Postgres server by the libsodium library.
The root key is managed by the pgsodium Postgres extension when the server boots, using Server Key Management.
pgsodium is a tool that provides an Encryption and Key Derivation API based on the libsodium library. It can source its root key from various places, depending on how it is configured.
Supabase generates and preserves your project's root key behind the scenes, eliminating the need for you to manage it. If you install pgsodium locally, the default configuration generates a random root key from the
/dev/urandomdevice. This key is then saved in a file in your Postgres data directory.