Staticbot logoStaticbot.dev
    New workflow

    Download Your Project as a Migration Package — Apply with Claude Code

    Targeting a self-hosted Supabase that lives inside your VPC? Staticbot doesn't need network access to it. We run discovery + export against the source, then hand you a password-protected ZIP. Claude Code (or Codex/Gemini) applies it locally.

    Published May 15, 20265 min read

    If your target Supabase is reachable from the internet (e.g. a hosted Supabase project), Staticbot can run the migration end-to-end in the cloud. If it isn't — because it's self-hosted inside a private VPC, on a Tailscale net, or behind your own firewall — the downloadable package gives you the same migration without exposing anything. Same 8-phase pipeline; the apply step just runs on your machine instead of ours.

    When to use the downloadable package

    Self-hosted Supabase

    Your target lives in a VPC, on-prem, or behind a firewall Staticbot can't reach.

    Compliance / sovereignty

    You'd rather have data flow through your own machine and your own network — not Staticbot's infra.

    You already live in your editor

    Claude Code, Codex, Gemini CLI. You'd rather drive the apply step from a terminal you already trust.

    Step 1 — Pick "Self-hosted Supabase (downloadable package)" as your target

    When you create the migration, choose the second option under Migration Target. Staticbot will run discovery and export against the source (Lovable Cloud, hosted Supabase, etc.) — but instead of writing into a live target, it will bundle the output into a downloadable ZIP.

    Prepare migration screen — choosing 'Self-hosted Supabase (downloadable package)' as the migration target
    Prepare Migration — choose Self-hosted Supabase (downloadable package).

    Step 2 — Let Staticbot run discovery and pack the export

    Same first half of the pipeline as a cloud-managed migration: Staticbot inventories your source project (schema, data, storage objects, edge functions, auth users, OAuth identities, secrets, cron jobs), exports everything, and assembles it into a single archive. When it's ready, the migration details page shows a "Migration Package Ready" panel with a download link and an unzip password.

    Migration Details page showing the 'Migration Package Ready' panel with Download ZIP and Copy Password buttons
    Migration Details — the package is ready. Grab the ZIP and the unzip password.

    What's inside the package

    Everything the apply step needs, plus a CLAUDE.md that tells Claude (or Codex/Gemini) what to do with it.

    Ordered SQL migrations

    Schema and dependency-ordered DDL ready to run via psql.

    Data dumps

    Table rows in dependency order so foreign keys resolve cleanly.

    Storage objects

    Buckets and files, ready to upload to your self-hosted Storage API.

    Edge function source

    All edge functions from the source, deployable via the Supabase CLI.

    Auth users + OAuth identities

    Recreated on the target so existing users can sign in unchanged.

    Secrets + cron jobs

    Vault secrets and pg_cron schedules captured for reapply.

    Step 3 — Unzip and open the folder

    The archive is AES-256 password-protected — copy the password from the dashboard and use it to unzip. From the migration details panel, the actual flow is four short steps:

    # 1. Unzip with the password from the dashboard
    unzip -P "<password>" migration-package.zip
    
    # 2. cd into the unzipped folder
    cd migration-package
    
    # 3. Run Claude Code in that folder
    claude code
    
    # 4. Tell Claude what to do
    > follow CLAUDE.md to apply this migration to my self-hosted Supabase

    The download link is time-limited (a few hours) — once you've downloaded the ZIP locally, you can re-run the apply as many times as you want against a clean target.

    Step 4 — Claude follows CLAUDE.md and applies

    The bundled CLAUDE.md is a generic apply script. Claude reads it, asks for your self-hosted Supabase connection details (Postgres URL, service role key, storage endpoint), and then runs the same phases a cloud migration would — locally, against your instance:

    1

    DB Migration

    Applies ordered SQL migrations via psql; enables required Postgres extensions.

    2

    Data Import

    Imports table rows in dependency order, then uploads storage objects.

    3

    Edge Functions

    Deploys each edge function to your self-hosted Supabase via the Supabase CLI.

    4

    Auth + OAuth identities

    Recreates auth users and links each OAuth identity (Google, GitHub, etc.) to the right user.

    5

    Secrets + cron

    Reapplies vault secrets, env vars, and pg_cron scheduled jobs.

    6

    Verify

    Sanity-checks row counts and bucket contents, then prints what (if anything) needs manual follow-up.

    OAuth provider configuration is not in the package — Supabase doesn't expose provider client secrets via its Management API, so the provider config (Client ID, Client Secret, callback URLs) has to be re-entered manually in your self-hosted Supabase's Auth → Providers UI. Identity rows are migrated, so once the providers are reconnected, existing OAuth users can sign in unchanged.

    Security model

    AES-256 password-protected ZIP

    The password is generated per-migration and shown only on your dashboard. The ZIP is useless without it.

    Short-lived download URL

    The download link expires after a few hours. Once you've grabbed the ZIP, the apply step runs entirely on your machine.

    No inbound access to your network

    Staticbot never connects to your self-hosted Supabase. Credentials for the target stay on your laptop.

    Re-runnable

    If the first apply hits an issue, fix it and re-run. The CLAUDE.md script is idempotent where the underlying Supabase APIs allow.

    Migrate to your own Supabase — without exposing it

    Pick the downloadable target, grab the ZIP, and let Claude Code apply it locally. Same 8-phase pipeline; nothing reaches into your VPC.

    Related reading