Migrate from Supabase

Move off Supabase onto Cloudflare — without pretending it's a drop-in.

Supabase is excellent managed Postgres, auth, storage, and realtime. Moving to a Cloudflare-native stack means Postgres → D1 (SQLite), Auth → passwordless email-code, Storage → R2, and Realtime → Durable Objects. Some of those are config; three of them are real rebuilds. This page is honest about which, then hands you the agent skill that does the work.

pnpm create microservices-app@latest my-app --template saas-starter-sveltekit

Local-first · no login · Node ≥ 20 · driven by the supabase-to-microservices agent skill

Concept mapping

How Supabase maps onto Cloudflare-native.

Supabase	microservices.sh / Cloudflare	Note
Postgres tables	D1 (SQLite) via Drizzle	Type conversions: uuid→text, timestamptz→epoch, jsonb→text
Row Level Security (RLS)	Permission checks at the Worker boundary	No DB-enforced RLS in D1 — enforced in code
Supabase Auth (password, OAuth, magic link)	Passwordless email-code auth	Passwords & social do not carry over
Storage buckets	R2 buckets	Public/signed-URL model differs
Realtime (postgres changes, presence)	Durable Objects + WebSocket	No drop-in — rebuilt
Edge Functions (Deno)	Workers / module use-case files
pg_cron / pgvector	Cron Triggers / Vectorize

The migration

Five steps, plan-first and approval-gated.

01

Assess the source

Inventory tables, types, RLS policies, auth providers, storage buckets, realtime subscriptions, and row counts before moving anything.
02

Pick template & modules

Start from a customer-backed template; add email for transactional mail and payment if users are billed.
03

Translate schema to D1/Drizzle

Convert Postgres types to SQLite (uuid→text, timestamptz→epoch, jsonb→text, serial→autoincrement) and recreate FKs and indexes.
04

Move the data

Export as CSV/SQL, transform to D1 column types, load to local D1 first, verify counts and joins before any approval-gated remote import.
05

Cut over auth

Import email + id into the customer table; users re-verify by email code on first visit; map every RLS policy to an explicit Worker-boundary check.

What doesn't port 1:1

The real cost — no surprises.

Passwords & OAuth don't transfer — users re-verify by email code on first login. Plan the re-verification flow.
D1 has no row-level security. Every RLS policy becomes an explicit permission check in code at the Worker boundary.
Realtime is not a drop-in — postgres-changes/presence are rebuilt as Durable Objects + WebSocket.
Deno Edge Functions are rewritten to the Workers runtime; some Deno APIs have no equivalent.
SQLite has no native uuid, timestamptz, jsonb, array, or enum types — each needs an explicit translation.

pnpm create microservices-app@latest my-app --template saas-starter-sveltekit

See the quickstart

Lands on these modules

Customer →Auth →Email →Payment →

Still deciding? Read the evaluation-intent comparison: microservices.sh vs Supabase & BaaS →

Move off Supabase onto Cloudflare — without pretending it's a drop-in.

How Supabase maps onto Cloudflare-native.

Five steps, plan-first and approval-gated.

Assess the source

Pick template & modules

Translate schema to D1/Drizzle

Move the data

Cut over auth

The real cost — no surprises.