Open Claude Code in a project folder and its Supabase MCP connects to exactly that project — on the correct account, read-only by default. No more logging out to switch. Tokens stay encrypted in your OS keychain and never touch disk.
Free & open source · An unofficial community project, not affiliated with Supabase or Anthropic
The default Supabase MCP uses OAuth and connects one organization at a time. With a personal account and a company account across several organizations, you end up logging out and back in to switch — and a session open in a company project can still be pointed at your personal database.
Log out, log back in, hope the session is on the right account. One wrong window and you run a query against the wrong database.
Each directory is pinned to one project on one account. Open Claude Code there and the correct database connects automatically — verified live.
A Personal Access Token is per account, not per organization — it reaches every org and project in that account. A personal and a company login are just two tokens.
supa-mcp link writes a .mcp.json that pins one project_ref and names its account. Claude Code auto-loads it from the folder it starts in.
At each connection Claude Code runs supa-mcp headers, which reads the token from the Keychain in memory. Nothing secret is ever written to .mcp.json.
| Default Supabase MCP | supa-mcp | |
|---|---|---|
| Accounts at once | One org via OAuth | Every account & org, side by side |
| Switching projects | Log out, log back in | Automatic — pinned per directory |
| Wrong-account risk | A session can point at the wrong DB | Live guard flags a mislinked directory |
| Token storage | OAuth session | OS keychain, never on disk |
| Default access | Read-write | Read-only unless you opt in |
| Config in the repo | — | .mcp.json holds no secret, safe to commit |
Requires jq and curl, plus the OS keychain — security on macOS (built in) or secret-tool (libsecret) on Linux. Install jq with brew install jq or apt install jq.
This adds the CLI, the /supa-* slash commands, and the skill. Then put the CLI on your PATH.
/plugin marketplace add im-shubhamsharma/supabase-mcp /plugin install supa-mcp@supa-mcp supa-mcp install
Create a token at supabase.com/dashboard/account/tokens. The prompt hides your input and stores the token straight into the Keychain — never paste it into a chat.
supa-mcp account add personal supa-mcp account add company
See what a token can reach, then pin this folder to the right project. Read-only by default — add --write only when you mean it.
# list the orgs & projects this account can see supa-mcp whoami company # in your project folder, pin it cd ~/work/company-app supa-mcp link --account company --project-ref abcd1234
Start a fresh session in that directory. Accept the workspace-trust prompt and the one-time Keychain prompt (choose Always Allow). The Supabase MCP is now connected to that exact project. Inside Claude Code, drive everything with /supa-add, /supa-link, /supa-status, /supa-list, and /supa-unlink.
The CLI is supa-mcp. Run supa-mcp doctor anytime to check dependencies, PATH, and the current directory.
| Command | Purpose |
|---|---|
account add <name> | Store a Personal Access Token in the Keychain (hidden prompt). |
account list | List registered accounts and whether each token is present. |
account remove <name> | Delete an account and its token. |
whoami <account> | Show the orgs and projects a token can see. |
projects <account> | List an account's projects (name, ref, org). |
link --account <n> --project-ref <ref> | Write ./.mcp.json for this directory. --write to allow writes. |
status | Show and live-verify this directory's binding. |
unlink | Remove the server from ./.mcp.json. |
doctor | Check dependencies and current-directory status. |
supa-mcp), encrypted at rest and viewable in Keychain Access.app..mcp.json holds only a project_ref and a helper command — no secret. The registry, env, and git never hold a token.read_only=true. Writes require an explicit --write at link time.supa-mcp status checks live that the pinned project really belongs to the linked account, so you catch a mislinked directory before running anything.Star it, read the source, or open an issue — contributions welcome, including Linux and Windows Keychain backends.