Supabase Storage: Bucket Management

Supabase Storage provides a cloud file storage service designed for binary assets like images, PDF documents, and videos. Files are organized inside folders called Buckets.

1. Public vs Private Storage Buckets

When creating a bucket, you must configure its access permissions:

Public Buckets

• Access: Files can be read by anyone without needing an authentication token.
• Use Case: Suitable for website images, profile avatars, and product photos.
• Security: Files are accessible via public URLs.

Private Buckets

• Access: Reading files requires sending a JWT token or generating a temporary signed URL.
• Use Case: Suitable for user invoices, medical documents, and private digital files.

2. Creating Buckets in the Dashboard

To create a storage bucket:

1. Navigate to the Supabase Dashboard -> Storage -> New Bucket.
2. Enter a name (for example, avatars).
3. Toggle the Public option based on your requirements.
4. Click Create bucket.

3. Storage Security Policies

Like database tables, Supabase Storage buckets use RLS policies to determine upload and download rights.

Navigate to the Storage Policies page to write rules:

-- Allow authenticated users to upload files to the avatars bucket
CREATE POLICY "Allow uploads"
ON storage.objects
FOR INSERT
TO authenticated
WITH CHECK (
  bucket_id = 'avatars' 
  AND auth.uid()::text = (storage.foldername(name))[1]
);

This RLS policy checks that files are uploaded to the avatars bucket, and restricts users to uploading assets only into folder paths matching their user UUID.