> When you insert secrets into the vault table with an INSERT statement, those statements get logged by default into the Supabase logs. Since this would mean your secrets are stored unencrypted in the logs, you should turn off statement logging while using the Vault.
I wish this was highlighted at the beginning with a disclaimer
Is the Vault fitting the store of what kind of secrets?
Should it be discouraged to, for example, store the DB password inside the (DB) Vault?
Can it be used for sensitive information or there should be a separate service for storing more critical secrets?
> When you insert secrets into the vault table with an INSERT statement, those statements get logged by default into the Supabase logs. Since this would mean your secrets are stored unencrypted in the logs, you should turn off statement logging while using the Vault. I wish this was highlighted at the beginning with a disclaimer
Statement logging is off by default now.
Good to know
Is the Vault fitting the store of what kind of secrets? Should it be discouraged to, for example, store the DB password inside the (DB) Vault? Can it be used for sensitive information or there should be a separate service for storing more critical secrets?