Storage

Store and serve
any type of digital content

An open source Object store with unlimited scalability, for any file type.

With custom policies and permissions that are familiar and easy to implement.

storage header
storage header

Interoperable

Integrates well with the rest of Supabase ecosystem, including Auth and Postgres.

Lightning fast

Thin API server layer that leverages Postgres' permissions and performance.

Dependable

Enterprise-level scalability and durability.

Sleek dashboard for managing your media

A complete Object Explorer so that any of your team can use.

Drag and drop uploading, moving objects, and multiple object selection. As easy as working on your desktop.

File previews

Preview any media type, including video and audio.

View documentation about undefinedView documentation

Column view

Slick Miller-column navigation for rapid folder exploration.

View documentation about undefinedView documentation

List view

List View to find detailed File metadata at a glance.

View documentation about undefinedView documentation

Multi select actions

Multi-import and multi-export. Select multiple files from multiple folders.

View documentation about undefinedView documentation

Path navigator

If you know the exact path of your file, type it in and navigate directly.

View documentation about undefinedView documentation
Check out our example app

Profile management example

Update a user account with public profile information, including uploading a profile image.

supabase GitHub profile picturesupabase

Simple and convenient APIs

Built from the ground up for interoperable authentication.

Fast and easy to implement using our powerful library clients. Asset optimization and image transformation coming soon!

CDN

Serve from the edge to reduce latency.

Transformations

Resize and compress your media before you serve it.

Coming soon

// Upload an image to the "avatars" bucket
const spaceCat = event.target.files[0]
const { data, error } = await supabase
  .storage
  .from('avatars')
  .upload('space-cat.png', spaceCat)
  
  
  


  

// Download the "space-cat.png" image from the "avatars" bucket
const { data, error } = await supabase
    .storage
    .from('avatars')
    .download('space-cat.png')





        
  

// List all the files in the "avatars" bucket
const { data, error } = await supabase
    .storage
    .from('avatars')
    .list()





        
  

// Move and rename files
const { data, error } = await supabase
  .storage
  .from('avatars')
  .move('public/space-cat.png', 'private/space-cat.png')






        
  

// Delete a list of files
const { data, error } = await supabase
  .storage
  .from('avatars')
  .remove([ 'avatar1.png', 'avatar2.png' ])







        
  

Integrates natively
with Supabase Auth

Using Postgres Row Level Security to create Object access rules.

Storage Authorization is built around Postgres so that you can use any combination of SQL, Postgres functions, and even your own metadata to write policies.

Explore documentation
create policy "Public Access" 
on storage.objects for all 
using ( bucket_id = 'avatars' );
    
create policy "Public access to a folder" 
on storage.objects for all 
using (
  bucket_id = 'avatars' 
  and (storage.foldername(name))[1] = 'public' 
);
    
create policy "Logged in access" 
on storage.objects 
for all using (
  bucket_id = 'avatars' 
  and auth.role() = 'authenticated'
);
create policy "Individual access" 
on storage.objects for all 
using (
  bucket_id = 'avatars' 
  and name = 'folder/only_uid.jpg' 
  and auth.uid() = 'd8c7bce9-cfeb-497b-bd61-e66ce2cbdaa2'
);

Allow public CRUD access to a bucket

This will allow any user access to the bucket named 'avatars'

Allow public CRUD access to a folder in a bucket

This will allow any user access to the folder named 'public' in the bucket 'avatars'

Allow any authenticated user access to a folder

This will allow any authenticated user access to the folder named 'authenticated' in the bucket 'avatars'

Allow a specific user access to a file

This will allow a specific user based on the user's UID access to a file named 'only_uid.jpg'

Build in a weekend, scale to millions