supautils

supautils : Extension that secures a cluster on a cloud environment

Overview

ID	Extension	Package	Version	Category	License	Language
7010	supautils	supautils	`3.1.0`	SEC	Apache-2.0	C

Attribute	Has Binary	Has Library	Need Load	Has DDL	Relocatable	Trusted
--sL---	No	Yes	Yes	No	no	no

Relationships
See Also	passwordcheck_cracklib pgsodium supabase_vault pg_session_jwt anon pg_tde pgsmcrypto pgaudit

Packages

Type	Repo	Version	PG Major Compatibility	Package Pattern	Dependencies
EXT	PIGSTY	`3.1.0`	18 17 16 15 14	`supautils`	-
RPM	PIGSTY	`3.1.0`	18 17 16 15 14	`supautils_$v`	-
DEB	PIGSTY	`3.1.0`	18 17 16 15 14	`postgresql-$v-supautils`	-

Linux / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
el8.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
el9.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
el9.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
el10.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
el10.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
d12.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
d12.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
d13.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
d13.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
u22.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
u22.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
u24.x86_64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0
u24.aarch64	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0	PIGSTY 3.1.0

Package	Version	OS	ORG	SIZE	File URL
`supautils_18`	`3.1.0`	el8.x86_64	pigsty	30.7 KiB	supautils_18-3.1.0-1PIGSTY.el8.x86_64.rpm
`supautils_18`	`3.1.0`	el8.aarch64	pigsty	29.7 KiB	supautils_18-3.1.0-1PIGSTY.el8.aarch64.rpm
`supautils_18`	`3.1.0`	el9.x86_64	pigsty	29.4 KiB	supautils_18-3.1.0-1PIGSTY.el9.x86_64.rpm
`supautils_18`	`3.1.0`	el9.aarch64	pigsty	28.1 KiB	supautils_18-3.1.0-1PIGSTY.el9.aarch64.rpm
`supautils_18`	`3.1.0`	el10.x86_64	pigsty	29.4 KiB	supautils_18-3.1.0-1PIGSTY.el10.x86_64.rpm
`supautils_18`	`3.1.0`	el10.aarch64	pigsty	28.6 KiB	supautils_18-3.1.0-1PIGSTY.el10.aarch64.rpm
`postgresql-18-supautils`	`3.1.0`	d12.x86_64	pigsty	23.7 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~bookworm_amd64.deb
`postgresql-18-supautils`	`3.1.0`	d12.aarch64	pigsty	22.6 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~bookworm_arm64.deb
`postgresql-18-supautils`	`3.1.0`	d13.x86_64	pigsty	23.9 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~trixie_amd64.deb
`postgresql-18-supautils`	`3.1.0`	d13.aarch64	pigsty	22.9 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~trixie_arm64.deb
`postgresql-18-supautils`	`3.1.0`	u22.x86_64	pigsty	24.9 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~jammy_amd64.deb
`postgresql-18-supautils`	`3.1.0`	u22.aarch64	pigsty	23.7 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~jammy_arm64.deb
`postgresql-18-supautils`	`3.1.0`	u24.x86_64	pigsty	24.5 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~noble_amd64.deb
`postgresql-18-supautils`	`3.1.0`	u24.aarch64	pigsty	23.5 KiB	postgresql-18-supautils_3.1.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`supautils_17`	`3.1.0`	el8.x86_64	pigsty	30.7 KiB	supautils_17-3.1.0-1PIGSTY.el8.x86_64.rpm
`supautils_17`	`3.1.0`	el8.aarch64	pigsty	29.7 KiB	supautils_17-3.1.0-1PIGSTY.el8.aarch64.rpm
`supautils_17`	`3.1.0`	el9.x86_64	pigsty	29.4 KiB	supautils_17-3.1.0-1PIGSTY.el9.x86_64.rpm
`supautils_17`	`3.1.0`	el9.aarch64	pigsty	28.1 KiB	supautils_17-3.1.0-1PIGSTY.el9.aarch64.rpm
`supautils_17`	`3.1.0`	el10.x86_64	pigsty	29.4 KiB	supautils_17-3.1.0-1PIGSTY.el10.x86_64.rpm
`supautils_17`	`3.1.0`	el10.aarch64	pigsty	28.6 KiB	supautils_17-3.1.0-1PIGSTY.el10.aarch64.rpm
`postgresql-17-supautils`	`3.1.0`	d12.x86_64	pigsty	23.7 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~bookworm_amd64.deb
`postgresql-17-supautils`	`3.1.0`	d12.aarch64	pigsty	22.6 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~bookworm_arm64.deb
`postgresql-17-supautils`	`3.1.0`	d13.x86_64	pigsty	23.9 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~trixie_amd64.deb
`postgresql-17-supautils`	`3.1.0`	d13.aarch64	pigsty	22.9 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~trixie_arm64.deb
`postgresql-17-supautils`	`3.1.0`	u22.x86_64	pigsty	24.9 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~jammy_amd64.deb
`postgresql-17-supautils`	`3.1.0`	u22.aarch64	pigsty	23.7 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~jammy_arm64.deb
`postgresql-17-supautils`	`3.1.0`	u24.x86_64	pigsty	24.5 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~noble_amd64.deb
`postgresql-17-supautils`	`3.1.0`	u24.aarch64	pigsty	23.5 KiB	postgresql-17-supautils_3.1.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`supautils_16`	`3.1.0`	el8.x86_64	pigsty	30.8 KiB	supautils_16-3.1.0-1PIGSTY.el8.x86_64.rpm
`supautils_16`	`3.1.0`	el8.aarch64	pigsty	29.8 KiB	supautils_16-3.1.0-1PIGSTY.el8.aarch64.rpm
`supautils_16`	`3.1.0`	el9.x86_64	pigsty	29.5 KiB	supautils_16-3.1.0-1PIGSTY.el9.x86_64.rpm
`supautils_16`	`3.1.0`	el9.aarch64	pigsty	28.1 KiB	supautils_16-3.1.0-1PIGSTY.el9.aarch64.rpm
`supautils_16`	`3.1.0`	el10.x86_64	pigsty	29.6 KiB	supautils_16-3.1.0-1PIGSTY.el10.x86_64.rpm
`supautils_16`	`3.1.0`	el10.aarch64	pigsty	28.6 KiB	supautils_16-3.1.0-1PIGSTY.el10.aarch64.rpm
`postgresql-16-supautils`	`3.1.0`	d12.x86_64	pigsty	23.7 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~bookworm_amd64.deb
`postgresql-16-supautils`	`3.1.0`	d12.aarch64	pigsty	22.6 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~bookworm_arm64.deb
`postgresql-16-supautils`	`3.1.0`	d13.x86_64	pigsty	23.9 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~trixie_amd64.deb
`postgresql-16-supautils`	`3.1.0`	d13.aarch64	pigsty	22.9 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~trixie_arm64.deb
`postgresql-16-supautils`	`3.1.0`	u22.x86_64	pigsty	25.0 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~jammy_amd64.deb
`postgresql-16-supautils`	`3.1.0`	u22.aarch64	pigsty	23.7 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~jammy_arm64.deb
`postgresql-16-supautils`	`3.1.0`	u24.x86_64	pigsty	24.5 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~noble_amd64.deb
`postgresql-16-supautils`	`3.1.0`	u24.aarch64	pigsty	23.5 KiB	postgresql-16-supautils_3.1.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`supautils_15`	`3.1.0`	el8.x86_64	pigsty	31.4 KiB	supautils_15-3.1.0-1PIGSTY.el8.x86_64.rpm
`supautils_15`	`3.1.0`	el8.aarch64	pigsty	30.2 KiB	supautils_15-3.1.0-1PIGSTY.el8.aarch64.rpm
`supautils_15`	`3.1.0`	el9.x86_64	pigsty	30.5 KiB	supautils_15-3.1.0-1PIGSTY.el9.x86_64.rpm
`supautils_15`	`3.1.0`	el9.aarch64	pigsty	29.6 KiB	supautils_15-3.1.0-1PIGSTY.el9.aarch64.rpm
`supautils_15`	`3.1.0`	el10.x86_64	pigsty	31.2 KiB	supautils_15-3.1.0-1PIGSTY.el10.x86_64.rpm
`supautils_15`	`3.1.0`	el10.aarch64	pigsty	30.0 KiB	supautils_15-3.1.0-1PIGSTY.el10.aarch64.rpm
`postgresql-15-supautils`	`3.1.0`	d12.x86_64	pigsty	24.3 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~bookworm_amd64.deb
`postgresql-15-supautils`	`3.1.0`	d12.aarch64	pigsty	23.2 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~bookworm_arm64.deb
`postgresql-15-supautils`	`3.1.0`	d13.x86_64	pigsty	24.5 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~trixie_amd64.deb
`postgresql-15-supautils`	`3.1.0`	d13.aarch64	pigsty	23.4 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~trixie_arm64.deb
`postgresql-15-supautils`	`3.1.0`	u22.x86_64	pigsty	25.7 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~jammy_amd64.deb
`postgresql-15-supautils`	`3.1.0`	u22.aarch64	pigsty	25.0 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~jammy_arm64.deb
`postgresql-15-supautils`	`3.1.0`	u24.x86_64	pigsty	25.5 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~noble_amd64.deb
`postgresql-15-supautils`	`3.1.0`	u24.aarch64	pigsty	25.0 KiB	postgresql-15-supautils_3.1.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`supautils_14`	`3.1.0`	el8.x86_64	pigsty	31.4 KiB	supautils_14-3.1.0-1PIGSTY.el8.x86_64.rpm
`supautils_14`	`3.1.0`	el8.aarch64	pigsty	30.2 KiB	supautils_14-3.1.0-1PIGSTY.el8.aarch64.rpm
`supautils_14`	`3.1.0`	el9.x86_64	pigsty	30.6 KiB	supautils_14-3.1.0-1PIGSTY.el9.x86_64.rpm
`supautils_14`	`3.1.0`	el9.aarch64	pigsty	29.6 KiB	supautils_14-3.1.0-1PIGSTY.el9.aarch64.rpm
`supautils_14`	`3.1.0`	el10.x86_64	pigsty	30.9 KiB	supautils_14-3.1.0-1PIGSTY.el10.x86_64.rpm
`supautils_14`	`3.1.0`	el10.aarch64	pigsty	30.0 KiB	supautils_14-3.1.0-1PIGSTY.el10.aarch64.rpm
`postgresql-14-supautils`	`3.1.0`	d12.x86_64	pigsty	24.3 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~bookworm_amd64.deb
`postgresql-14-supautils`	`3.1.0`	d12.aarch64	pigsty	23.2 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~bookworm_arm64.deb
`postgresql-14-supautils`	`3.1.0`	d13.x86_64	pigsty	24.5 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~trixie_amd64.deb
`postgresql-14-supautils`	`3.1.0`	d13.aarch64	pigsty	23.4 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~trixie_arm64.deb
`postgresql-14-supautils`	`3.1.0`	u22.x86_64	pigsty	25.7 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~jammy_amd64.deb
`postgresql-14-supautils`	`3.1.0`	u22.aarch64	pigsty	25.0 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~jammy_arm64.deb
`postgresql-14-supautils`	`3.1.0`	u24.x86_64	pigsty	25.5 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~noble_amd64.deb
`postgresql-14-supautils`	`3.1.0`	u24.aarch64	pigsty	25.0 KiB	postgresql-14-supautils_3.1.0-1PIGSTY~noble_arm64.deb

Source

Repository

github.com/supabase/supautils

Source Tarball

supautils-3.1.0.tar.gz

pig build pkg supautils;		# build rpm/deb

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install supautils;		# install via package name, for the active PG version

pig install supautils -v 18;   # install for PG 18
pig install supautils -v 17;   # install for PG 17
pig install supautils -v 16;   # install for PG 16
pig install supautils -v 15;   # install for PG 15
pig install supautils -v 14;   # install for PG 14

Config this extension to shared_preload_libraries:

shared_preload_libraries = 'supautils';

This extension does not need CREATE EXTENSION DDL command

Usage

supautils: Extension that secures a cluster on a cloud environment

supautils is a loadable library that securely allows creating event triggers, publications, and extensions for non-superusers. It is completely managed by configuration – no tables, functions, or security labels are added to your database.

Configuration

Add to postgresql.conf:

shared_preload_libraries = 'supautils'
supautils.privileged_role = 'your_privileged_role'

Or enable per-role:

ALTER ROLE role1 SET session_preload_libraries TO 'supautils';

Key GUC Parameters

Parameter	Description
`supautils.privileged_role`	Proxy role for superuser operations
`supautils.superuser`	The actual superuser (defaults to bootstrap user)
`supautils.privileged_extensions`	Extensions allowed for non-superuser installation
`supautils.privileged_role_allowed_configs`	Superuser-only settings the privileged role may change
`supautils.reserved_roles`	Roles protected from mutation by CREATEROLE users
`supautils.reserved_memberships`	Role memberships restricted from being granted
`supautils.constrained_extensions`	JSON defining resource constraints for extensions
`supautils.extensions_parameter_overrides`	JSON overriding CREATE EXTENSION parameters
`supautils.policy_grants`	JSON granting RLS policy management to non-owners
`supautils.drop_trigger_grants`	JSON granting trigger drop permission to non-owners

Non-Superuser Publications

SET ROLE privileged_role;
CREATE PUBLICATION p FOR ALL TABLES;
DROP PUBLICATION p;

Privileged Extensions

supautils.privileged_extensions = 'hstore'

Non-superusers can then create extensions that normally require superuser:

CREATE EXTENSION hstore;

Reserved Roles

supautils.reserved_roles = 'connector, storage_admin'

Users with CREATEROLE cannot ALTER or DROP these roles.

Table Ownership Bypass (RLS Policy Management)

supautils.policy_grants = '{ "my_role": ["public.not_my_table"] }'

Allows my_role to manage RLS policies on tables it does not own.

Last updated on 2026-03-12

passwordcheck_cracklib pgsodium