GreySec Security - Self-Hosted Supabase

Lean, self-hosted Supabase stack for local security tooling. No cloud dependency.

Architecture

Container           Service              Port        Purpose
greysec_postgres    Postgres + pgvector  5432        Database with vector search support
greysec_postgrest   PostgREST            3000        Auto-generated REST API
greysec_gotrue      GoTrue               9999        Authentication (auth, signup, OAuth)
greysec_kong        Kong                 9999, 9998  API Gateway (public REST + Auth)
greysec_analytics   Metabase             3001        Analytics dashboards

Quick Start

# 1. Navigate to the docker directory
cd ~/.hermes/scripts/supabase/docker

# 2. Copy and edit the environment file
cp .env .env.local
# Edit .env.local with your values (see Configuration below)

# 3. Start all services
docker compose up -d

# 4. Verify all containers are running
docker ps --filter "name=greysec"

Configuration

Required Environment Variables

Edit .env before starting:

# 1. Set a strong Postgres password
POSTGRES_PASSWORD=YourSecurePassword123!

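# 2. Generate a JWT secret (required for auth)
# openssl wraps base64 output after 64 characters; tr joins it into one line for .env
openssl rand -base64 64 | tr -d '\n'
# Copy output to JWT_SECRET

# 3. Generate API keys
openssl rand -base64 64 | tr -d '\n'  # -> ANON_KEY
openssl rand -base64 64 | tr -d '\n'  # -> SERVICE_ROLE_KEY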

# 4. Set your site URL
SITE_URL=http://localhost:9999
API_EXTERNAL_URL=http://localhost:9999
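
Added example, not part of this repository: upstream Supabase issues ANON_KEY and SERVICE_ROLE_KEY as HS256 JWTs signed with JWT_SECRET, and PostgREST rejects an `Authorization: Bearer` value that does not validate as such a token. Assuming this stack follows that convention (Postgres roles `anon` and `service_role`, secret used as raw UTF-8; neither is shown on this page), the sketch mints both keys and checks them against the secret; `mint_key` and `verify_key` are hypothetical names.

```python
import base64, hashlib, hmac, json, os, time

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, jwt_secret: str) -> bytes:
    # Assumption: the secret is used as raw UTF-8 bytes, not base64-decoded first.
    return hmac.new(jwt_secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint_key(role: str, jwt_secret: str, now: int, ttl_days: int = 365) -> str:
    """Return an HS256 JWT whose `role` claim names the Postgres role to assume."""
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"role": role, "iat": now, "exp": now + ttl_days * 86400})
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return f"{signing_input}.{_b64url(_sign(signing_input, jwt_secret))}"

def verify_key(token: str, jwt_secret: str, now: int) -> dict:
    """Return the claims of a valid, unexpired token; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("not a three-part JWT") from exc
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, _sign(f"{head_b64}.{body_b64}", jwt_secret)):
        raise ValueError("signature does not match JWT_SECRET")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    secret = os.environ["JWT_SECRET"]  # read from the environment, not argv
    now = int(time.time())
    for name, role in (("ANON_KEY", "anon"), ("SERVICE_ROLE_KEY", "service_role")):
        key = mint_key(role, secret, now)
        verify_key(key, secret, now)  # round-trip check before printing
        print(f"{name}={key}")
```

Run it with JWT_SECRET exported in the shell and paste the two printed lines into the environment file. The service_role token is an administrative credential in the upstream convention and belongs only in server-side configuration.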

SMTP Configuration (Optional)

For email-based auth (password reset, email confirmation):

SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASS=your_sendgrid_api_key
SMTP_SENDER=noreply@greysec.io

Endpoints

REST API (PostgREST via Kong)

All tables and data are accessible through the REST API:

# Base URL
http://localhost:9999/rest/

# Example: List rows from a table
curl http://localhost:9999/rest/your_table

# Example: Insert a row (with anon key)
curl -X POST http://localhost:9999/rest/your_table \
  -H "Content-Type: application/json" \
  -H "apikey: YOUR_ANON_KEY" \
  -H "Authorization: Bearer YOUR_ANON_KEY" \
  -d '{"name": "test", "status": "active"}'

Authentication (GoTrue via Kong)

# Sign up a new user
curl -X POST http://localhost:9999/auth/v1/signup \
  -H "Content-Type: application/json" \
  -H "apikey: YOUR_ANON_KEY" \
  -d '{"email": "user@greysec.io", "password": "SecurePass123!"}'

# Sign in
curl -X POST "http://localhost:9999/auth/v1/token?grant_type=password" \
  -H "Content-Type: application/json" \
  -H "apikey: YOUR_ANON_KEY" \
  -d '{"email": "user@greysec.io", "password": "SecurePass123!"}'

# Get current user
curl http://localhost:9999/auth/v1/user \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Health Checks

# Check all container statuses
docker ps --filter "name=greysec"

# Check Postgres
docker exec greysec_postgres pg_isready -U postgres

# Check Kong API gateway
curl http://localhost:9999/

# Check REST API
curl http://localhost:9999/rest/

# Check Auth service
curl http://localhost:9999/auth/v1/health

Using with Security Tools

SpiderFoot

# Point SpiderFoot to local Supabase REST API
sf.py -s target.com -o csv -t SUPABASE \
  -s-data-source SUPABASE \
  -s-supabase-url http://localhost:9999 \
  -s-supabase-key YOUR_ANON_KEY

Direct Postgres Connection

# Connect directly to Postgres from host
# (single quotes stop an interactive shell from history-expanding the "!")
psql 'postgresql://postgres:YourPassword123!@localhost:5432/postgres'

psql Commands

-- Enable pgvector extension for semantic search
CREATE EXTENSION IF NOT EXISTS vector;

-- Example: Create a table with vector column
CREATE TABLE embeddings (
  id serial PRIMARY KEY,
  content text,
  embedding vector(1536)
);

-- Example: Insert and search
INSERT INTO embeddings (content, embedding) VALUES
  ('钓鱼攻击分析', '[0.1, 0.2, 0.3, ...]');

Stopping

# Stop all services (preserves data)
docker compose -f ~/.hermes/scripts/supabase/docker/docker-compose.yml stop

# Stop and remove containers (preserves volumes/data)
docker compose -f ~/.hermes/scripts/supabase/docker/docker-compose.yml down

# Complete cleanup (DELETES ALL DATA)
docker compose -f ~/.hermes/scripts/supabase/docker/docker-compose.yml down -v

Troubleshooting

Kong returns 502 Bad Gateway

PostgREST or GoTrue may not be ready yet.

# Check if PostgREST is healthy
curl http://localhost:9999/rest/

# Check gotrue logs
docker logs greysec_gotrue

# Restart Kong after services are up
docker restart greysec_kong

Auth not working

# Verify JWT secret matches between GoTrue and PostgREST
docker logs greysec_gotrue | grep -i jwt
docker logs greysec_postgrest | grep -i jwt

Postgres connection issues

# Check Postgres is running
docker logs greysec_postgres

# Verify password in .env
docker exec -it greysec_postgres psql -U postgres -c "SELECT 1"

File Structure

~/.hermes/scripts/supabase/docker/
├── docker-compose.yml   # Main compose file
├── kong.yml             # Kong gateway routing config
├── .env                 # Environment variables template
└── README.md            # This file