Air-Gap Supabase Deployment Kit

Problem Context

Defense and ITAR-controlled organizations need to run Supabase (Postgres + GoTrue + Kong) entirely offline. Their apps can't use public cloud, CDNs, or external services, but manual air-gap setups break auth, routing, and migrations. Current workarounds—like disabling email confirmation or baking migrations into images—are fragile and slow deployments.

Pain Points

1. Kong routing conflicts with customer-controlled reverse proxies, requiring messy manual configs.
2. Migrations break when you can’t pull from registries, leading to brittle baked-in updates. Users waste hours fixing these issues per deployment.

Impact

Missed contracts (ITAR violations), compliance fines, and delayed software releases cost these teams thousands per incident. Manual fixes introduce security risks and slow down mission-critical engineering workflows. Without a reliable air-gap solution, their apps can’t deploy at all.

Urgency

This is a showstopper for defense/aerospace firms. If they can’t deploy air-gapped, their software doesn’t ship. Compliance officers and engineers need a solution now—not in 6 months. Every day without it risks lost revenue and regulatory penalties.

Target Audience

Defense contractors, aerospace engineering teams, and ITAR-compliant government tech providers. Also applies to healthcare (HIPAA), finance (SWIFT), and energy sectors with similar air-gap needs. Any team running Supabase in a disconnected environment faces this.

Solution Approach

A pre-configured Docker stack + CLI tool that replaces Supabase’s cloud dependencies with air-gap-compatible alternatives. It handles auth (local JWT), routing (Kong auto-config), and migrations (baked-in updates) out of the box. Users pull the stack, run one command, and get a fully functional Supabase instance—no manual tweaks.

Key Features

1. *Kong Auto-Config:- Detects reverse proxy rules and sets up Kong routing automatically.
2. *Baked Migrations:- Includes all schema changes in the Docker image (no registry pulls).
3. ITAR Compliance Check: Scans for outbound calls, telemetry, or external dependencies before deployment.

User Experience

Users download the kit, run ./deploy-airgap, and get a Supabase instance in 5 minutes. The CLI handles auth setup, Kong routing, and migrations—no Docker or Kong expertise needed. For updates, they pull a new image monthly (no internet required). Compliance officers verify ITAR checks with one command.

Differentiation

Unlike generic Docker tools or Kong Enterprise (too complex), this is a *turnkey- solution for Supabase air-gapping. It’s cheaper than consulting firms ($100–$500/mo vs. $50K+ for manual setups) and more reliable than DIY workarounds. The ITAR compliance checks are a unique selling point—no other tool validates air-gap safety.

Scalability

Starts with a single-team license, then scales to enterprise with seat-based pricing. Add-ons like advanced Kong routing or custom auth can increase revenue per user. Monthly updates ensure compatibility with new Supabase versions, locking in recurring revenue.

Expected Impact

Teams deploy Supabase in minutes instead of days, avoiding compliance fines and missed contracts. Engineers spend 0 hours fixing auth/routing/migration issues. Compliance officers get audit-ready air-gap setups with one command. The kit becomes a mission-critical tool for their workflow.