Connect Supabase Postgres to Directus

← Back to Supabase Integration

You run self-hosted Directus against a Supabase PostgreSQL database. You need one Supabase project for Postgres, a host where you run Docker Compose (or another runtime), and environment variables that match Supabase's connection details.

You often pair a Supabase-backed application with Directus for an admin surface and marketing CMS.

Before You Start

You will need:

A Supabase project with PostgreSQL available
A machine or host where you can run Docker and Docker Compose
Network access from that host to Supabase Postgres on port 5432 (direct connection, not transaction pooler mode)

Get the direct connection string from Supabase

Supabase exposes more than one connection mode. Use the direct database connection on port 5432 for Directus. Use transaction pooler mode on port 6543 only after you confirm your driver and workload behave correctly with pooling.

Open the Supabase Dashboard and select your project
Go to Project Settings and open the Database section
Find the Connection string or connection parameters for Direct connection / URI
Copy the values you map into Directus:
- Host (for example db.<project-ref>.supabase.co)
- Port (default 5432 for direct)
- Database name (often postgres)
- User (often postgres or the database user Supabase shows)
- Password (the database user password)

Keep the password secret. Use Docker secrets or your host secret manager in production.

Configure Directus with Docker Compose

Create a docker-compose.yml that runs the official Directus image and passes database settings through the environment.

Map Supabase values to these variables:

Variable	Purpose
`DB_CLIENT`	Set to `pg` for PostgreSQL
`DB_HOST`	Supabase database host
`DB_PORT`	`5432` for direct connection
`DB_DATABASE`	Database name from Supabase
`DB_USER`	Database user
`DB_PASSWORD`	Database password

Example:

services:
  directus:
    image: directus/directus:11.17.0
    ports:
      - 8055:8055
    environment:
      SECRET: "replace-with-a-random-string"
      PUBLIC_URL: "http://localhost:8055"
      DB_CLIENT: "pg"
      DB_HOST: "db.your-project-ref.supabase.co"
      DB_PORT: "5432"
      DB_DATABASE: "postgres"
      DB_USER: "postgres"
      DB_PASSWORD: "your-database-password"

Set PUBLIC_URL to the URL clients use to reach Directus. Add other required variables for your environment (see General and Self-hosting: Deploying).

Configure SSL

Supabase recommends SSL for Postgres connections; production projects often enforce it. Turn on SSL for the Directus database connection and adjust verification if your environment requires it.

Set DB_SSL to true so the client connects over TLS.
Use DB_SSL__REJECT_UNAUTHORIZED to control certificate verification:
- Leave verification on when the server certificate chains to a public CA that Node.js trusts.
- Set DB_SSL__REJECT_UNAUTHORIZED to false only when you accept the weaker trust model (for example corporate TLS inspection). Prefer DB_SSL__CA or DB_SSL__CA_FILE when you can supply the right CA instead. See Database and Environment variables.

Example additions to environment:

      DB_SSL: "true"
      # Optional; include only if you need to override verification behavior
      DB_SSL__REJECT_UNAUTHORIZED: "true"

If the connection fails with TLS or certificate errors, confirm your host can reach Supabase on the direct port, then read Supabase's SSL documentation for your project.

If your runtime is IPv4-only, Supabase direct connections can fail because direct mode is IPv6 by default. Use Supabase session pooler mode (also port 5432) as the fallback and keep SSL enabled.

Row Level Security (RLS)Directus connects to PostgreSQL with one database user and issues queries with that user's privileges. Supabase RLS policies do not apply to data accessed through Directus in the same way they do for the Supabase client scoped to an end-user JWT.Do not rely on RLS to enforce access control for content edited in Directus. Configure Directus permissions and roles and API tokens instead.

Verify the connection

Start the stack: docker compose up (or your orchestrator equivalent)
Watch logs for successful startup and database migration messages
Open Directus at PUBLIC_URL, complete onboarding if prompted, and sign in
In the Data Studio, confirm collections load and create a test item in a non-system collection when you have one

If Directus cannot connect, recheck host, port (direct vs pooler), password, firewall egress to 5432, and SSL settings.

Optional: Directus Labs starters

When you start from a Directus starter template instead of a blank docker-compose.yml, keep the starter frontend and tooling as that repository documents. Replace only the Directus database environment so DB_HOST, DB_PORT, DB_DATABASE, DB_USER, DB_PASSWORD, and SSL variables match your Supabase project (same values as earlier in this guide). Set the starter Directus base URL variables to your running instance. Add Supabase Storage variables only when you want uploads in Supabase.

Next Steps

Get once-a-month release notes & real‑world code tips...no fluff. 🐰

Supabase

Connect self-hosted Directus to Supabase Postgres and Supabase Storage, and use Directus Labs starters with a Supabase database.

Use Supabase Storage with Directus

Configure Directus to store files in Supabase Storage using the S3-compatible API and the Directus S3 storage driver.