The Scenario
You are a security engineer. Your company's SOC 2 audit starts in two weeks. One of the audit items is verifying that only approved environment variables exist in your Supabase projects and that a rotation schedule is in place.
Your production Supabase project has secrets configured. You need a list of every secret name — values masked, names visible — in an Excel workbook, with a "Last Rotated" column for you to fill in manually.
The slow version:
- You open the Supabase dashboard and navigate to Edge Functions > Secrets
- The page shows secret names but no export
- You type the names into a workbook by hand
- You have three other Supabase projects to document
- You spend an hour copying names across four dashboards, and by the time you are done, you are not confident the list is complete.
The fast version is one prompt.
The Easy Way: One Prompt in SheetXAI
SheetXAI reads your Supabase secrets list directly and writes the audit-ready inventory into the workbook, so you do not have to click through dashboards or type names by hand.
Open the SheetXAI sidebar and type:
List all secrets for Supabase project abc123. Write secret name and any non-sensitive metadata into this workbook — note that values will be masked. Add a blank "Last Rotated" column C for me to fill in manually.
SheetXAI calls the Supabase secrets API, retrieves all secret names (values never exposed), and writes the formatted list with the blank rotation column.
What You Get
A secrets audit workbook ready for the SOC 2 review:
- One row per secret — name visible, value never written
- Blank "Last Rotated" column — ready for you to fill in from rotation records
- All secrets captured — no dashboard clicking, no manual typing
You hand the workbook to the auditor. The rotation schedule gets filled in from your team's records. The audit item closes.
What If the Audit Needs More Context
A flat secrets list is the starting point. SheetXAI can enrich and cross-reference in the same prompt.
When you need to audit secrets across multiple projects
List all secrets for Supabase project abc123 and write names into column A with "abc123" in column B. Append secrets for project xyz789 with "xyz789" in column B. Continue for all four projects. Add a blank "Last Rotated" column C.
When you want to flag secrets matching a deprecated pattern
List all secrets for Supabase project abc123 and write names into this workbook. In column C, flag any secret whose name starts with "LEGACY_" as "DEPRECATED — DELETE."
When you want to cross-reference against an approved list
List all secrets for Supabase project abc123 and write names into this workbook. In column B, check whether each name appears in the Approved tab column A — if not, label it "UNAUTHORIZED."
When you need the full secrets audit across all projects in one shot
List all secrets for Supabase projects abc123, xyz789, def456, and ghi012. Write project ref and secret name into the Raw tab. In the Audit tab, flag any secret starting with "LEGACY_" as "DEPRECATED" and any secret not in the Approved tab as "UNAUTHORIZED." In the Summary tab, write total secret count per project and count of flagged secrets per project.
The pattern: the prompt captures the compliance context the auditor needs, not just the names.
Try It
Get the 7-day free trial of SheetXAI and open any Excel workbook, then ask it to list the secrets for your Supabase project. The Supabase integration is included in every SheetXAI plan. For related workflows, see how to export API keys for governance or the Supabase in Excel overview.