The Scenario
You are a platform engineer. Your company runs five Supabase projects and has a policy: no API key is more than 90 days old without rotation, and no orphaned service role keys can exist in production.
You need an Excel inventory of every API key across all five projects — key type (publishable or secret), description, and creation date — before the quarterly security review on Thursday.
The slow version:
- You log into each of the five Supabase projects in the dashboard
- You navigate to Project Settings > API for each one
- You copy the key type and description by hand — no creation date visible in the UI
- By the time you finish all five projects you have twenty-three rows in a workbook
- You realize you cannot see creation dates from the dashboard at all
- You go into the security review unable to answer "when was this key created?" for three service role keys.
The fast version is one prompt.
The Easy Way: One Prompt in SheetXAI
SheetXAI reads your Supabase API key inventory directly and writes the formatted audit workbook, so you do not have to switch between five project dashboards or guess at creation dates.
Open the SheetXAI sidebar and type:
List all API keys for Supabase project abc123 and write key ID, type (publishable or secret), description, and created_at into this workbook. Do not write the actual key values.
SheetXAI calls the Supabase API, retrieves the key metadata, and writes the formatted inventory — key values never written.
What You Get
A formatted API key inventory ready for the security review:
- One row per key — ID, type, description, creation date
- Key values never written — only the metadata the auditor needs
- Creation dates visible — the question "when was this created?" has an answer
You walk into the Thursday review with complete, accurate data. The three service role keys have creation dates. The rotation policy conversation is grounded in facts.
What If the Audit Needs to Cover Multiple Projects
A single-project inventory is the starting point. SheetXAI can span all five in the same prompt.
When you need to cover all five projects
For each project ref in column A of the Projects tab, fetch all Supabase API keys and write the project ref, key ID, type, description, and created_at into the Keys tab — one row per key. Do not write actual key values.
When you want to flag keys older than 90 days
List all API keys for Supabase projects abc123, xyz789, def456, ghi012, and jkl345. Write project ref, key type, description, and created_at into this workbook. In column E, flag any key created more than 90 days ago as "ROTATION DUE."
When you want to flag orphaned service role keys
List all API keys for Supabase project abc123 and write type, description, and created_at into this workbook. In column D, flag any key with a blank or null description as "ORPHANED — REVIEW."
When you need the full governance audit in one shot
List all API keys across Supabase projects abc123, xyz789, def456, ghi012, and jkl345. Write project ref, key type, description, and created_at into the Raw tab. In the Rotation tab, list only keys older than 90 days labeled "ROTATION DUE." In the Orphan tab, list keys with blank descriptions labeled "ORPHANED." In the Summary tab, write total key count per project and count of flagged keys per project.
The pattern: the prompt surfaces the compliance gaps the security review is looking for, not just the key list.
Try It
Get the 7-day free trial of SheetXAI and open any Excel workbook, then ask it to list the API keys for your Supabase project. The Supabase integration is included in every SheetXAI plan. For related workflows, see how to export secrets for a rotation checklist or the Supabase in Excel overview.