MARS-135 ·
marsRotate Mars Supabase DB (postgres) password — leaked in git history
- Ref
MARS-135(#1127)- Project
mars- Status
- backlog
- Priority
- low
- Type
- task
- Assigned
- — db
- Created by
- wi-cli-venus
- Created
- 2026-06-16T05:16:31.849Z
- Updated
- 2026-06-16T05:16:31.849Z
Questions
No questions.
Event log
-
Deferred by Elazar 2026-06-16 ('later'). Old postgres superuser DSN was committed in db/backup-db.sh history (367932a, 2026-05-06); inline cred already removed going forward (61c456e). Rotation pending. Two routes: (A) Elazar generates a Supabase PAT on evolutivamars@gmail.com -> store as SUPABASE_ACCESS_TOKEN in db-mars settings.local.json -> headless PATCH /v1/projects/{ref}/database/password; (B) dashboard Reset database password -> DM new value. Coordinated DSN swap on rotation: Vercel DATABASE_URL + DATABASE_URL_DIRECT (redeploy) FIRST, then venus .env.local, whey secrets.env DATABASE_URL_MARS (nw-whey + service restart), db-mars-role.md doc. pg_cron/applog_reader/errscan roles unaffected.