Free tools for Supabase developers
Instant, no-account utilities for the things Supabase makes you sweat over: security, RLS, schema, and leaked keys. Three run entirely in your browser.
Security Scanner
See what a stranger can read from your Supabase project.
Open toolRLS Generator
in-browserGenerate correct Row-Level-Security policies, and explain any policy in plain English.
Open toolSchema Visualizer
in-browserPaste SQL DDL, get an entity-relationship diagram.
Open toolType Generator
in-browserTurn your Postgres schema into TypeScript interfaces or Zod schemas.
Open toolSecret Scanner
in-browserCatch leaked API keys, service-role tokens, and DB URLs in your code.
Open tool
Free tools for Supabase and Postgres developers
These are the small utilities we kept reaching for while building Suparbase, so we made them free and put them in one place. Each one solves a single job well and asks for nothing in return. There is no sign-up, no email wall, and no trial timer.
The Security Scanner tells you which of your tables an anonymous visitor can read right now. The RLS Policy Generator writes correct Row-Level Security SQL from a pattern and explains policies you already have. The Schema Visualizer turns your DDL into an entity-relationship diagram. The Secret Scanner catches leaked keys and connection strings in code and config. Three run fully in your browser, and the scanner keeps nothing.
They also share a theme. Most Supabase security problems trace back to two things: a key that reached the browser, and a table without the right Row-Level Security policy. These tools help you find and fix both. When you want that checking to happen continuously rather than on demand, that is what a Suparbase account is for.
Frequently asked questions
- Are these tools really free?
- Yes. Every tool on this page is free and needs no account. Three of them run entirely in your browser, and the security scanner is stateless, so nothing you enter is stored.
- Do I need a Suparbase account to use them?
- No. The tools work on their own. An account adds the parts a one-off tool cannot do, like continuous security scanning, a live RLS simulator, and a full admin workspace for your data.
- Is my data safe?
- The RLS generator, schema visualizer, and secret scanner never send anything to a server. The security scanner uses your public anon key in flight to read your project and stores none of it.
The tools are the teaser. The workspace is the product.
A full admin for any Supabase project, with an encrypted server-side proxy, AI-assisted writes, agent attribution, and continuous security monitoring.