Security Center

Security Center gives you centralized control over sensitive configuration and credentials. Access it from your project settings sidebar.

Written By Nick Gatzoulis

Last updated 2 months ago

Three core capabilities:

  1. Environment Variables - Manage .env files directly in your GitHub repository

  2. Supabase Secrets - Manage secrets stored in your Supabase project

  3. Security Audit - Scan for vulnerabilities (coming soon, Pro feature)

Note: Only workspace owners and admins can access Security Center. This protects your sensitive credentials from unauthorized access.


Environment Variables

Create and manage .env files in your GitHub repository without leaving App2.

When environment variables are unavailable

A yellow warning alert appears when:

  • Project is not in READY status

  • Project is frozen (operation in progress)

  • Chat sessions are actively processing

Fix: Wait for current operations to complete. The warning banner explains the specific reason.


Supabase Secrets

Manage secrets stored in your Supabase project via the Supabase Management API.

Note: Secret values are never exposed after creation. You'll need to recreate a secret to change its value.

Prerequisites

Required:

  • Supabase project linked to your App2 project

  • Workspace owner or admin role

To link Supabase:

  1. Go to Settings → Integrations → Supabase

  2. Click Connect Supabase

  3. Complete OAuth flow

  4. Select your Supabase project


Security Audit (Coming Soon)

Comprehensive security scanning for your projects.

Planned features

Dependency Vulnerability Scanning

  • Detect known vulnerabilities in npm packages

  • CVE tracking with severity ratings

  • Weekly automatic scans

Exposed Secret Detection

  • Scan codebase for accidentally committed credentials

  • Detect API keys, tokens, passwords in code

  • Alert before secrets reach production

Security Configuration Checks

  • Identify security misconfigurations

  • Framework-specific security recommendations

  • Best practice violations

Detailed Reports

  • Severity ratings (Critical, High, Medium, Low)

  • Remediation recommendations with code examples

  • Historical trend tracking

Scheduled Scans

  • Automatic weekly scans every Sunday

  • Email notifications for new issues

  • Track resolution progress over time

Availability

Security Audit requires a Pro, Lifetime, or Ultra subscription.

To enable:

  1. Upgrade your workspace to Pro or higher

  2. Access Security Center → Security Audit tab

  3. Run your first scan


Permissions

Security Center is restricted to workspace owners and admins to protect sensitive credentials.

Who can access

| Role   | Environment Variables | Supabase Secrets | Security Audit |
|--------|-----------------------|------------------|----------------|
| Owner  | ✅ Full access        | ✅ Full access   | ✅ Full access |
| Admin  | ✅ Full access        | ✅ Full access   | ✅ Full access |
| Member | ❌ No access          | ❌ No access     | ❌ No access   |

Why restricted?

Environment variables and secrets contain sensitive data:

  • API keys for payment processors (Stripe, PayPal)

  • Database credentials and connection strings

  • JWT secrets and encryption keys

  • OAuth client secrets

  • Third-party service tokens

Only trusted team members should access these credentials.

Request access

If you need access to Security Center:

  1. Ask your workspace owner or admin to grant you the admin role

  2. They can update your role in Workspace Settings → Team


Troubleshooting


Best Practices

