
Security

Lyna applies security at every layer, from how your code runs during development to how your published app is served.


Sandboxed Development

Every project runs in an isolated cloud sandbox powered by E2B.

  • Full isolation: Each project gets its own container with its own filesystem, processes, and network.
  • No cross-project access: One project cannot read files or data from another.
  • Automatic cleanup: Inactive sandboxes are terminated after a configurable timeout (60 minutes by default).
  • Persistence: Your Git repository is archived on destroy and restored when you reopen, so no work is lost.

Pre-Publish Security Scanning

Before every deployment, the publish wizard runs an automated scan.

Exposed Secrets

  • API keys (Stripe, AWS, Firebase, generic)
  • Private keys (RSA, EC, DSA, OpenSSH)
  • JWT secrets and hardcoded passwords
  • Database connection strings

Frontend Vulnerabilities

  • eval() usage
  • Unsafe innerHTML assignments
  • document.write() calls
  • Sensitive data in localStorage
  • Hardcoded API endpoints

Database Security

  • Tables without Row Level Security (RLS)
  • Missing or misconfigured RLS policies
  • General database security issues

Each finding has a severity level. The scan produces a score from 0 to 100 so you can review and fix issues before deploying.


Row Level Security (RLS)

When using Supabase, the security audit checks that every table has RLS enabled. RLS ensures queries only return data the requesting user is authorized to see. The audit flags:

  • Tables with RLS disabled.
  • Tables with RLS enabled but no policies (which blocks all access).
  • Overly permissive policy configurations.

Always enable RLS on tables with user data. Without it, any authenticated user can read or modify all rows.
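
The three findings listed above can be read straight from the PostgreSQL catalogs. The following is an added example, not Lyna's own audit code: the `rls_demo` schema and its tables are constructed, and "overly permissive" is assumed here to mean a permissive policy whose expression is the literal `true`.

```sql
-- Constructed sample schema (hypothetical names), plain PostgreSQL.
CREATE SCHEMA rls_demo;
CREATE TABLE rls_demo.notes    (id int PRIMARY KEY, owner name, body text);
CREATE TABLE rls_demo.profiles (id int PRIMARY KEY, owner name, bio text);
CREATE TABLE rls_demo.invoices (id int PRIMARY KEY, owner name, total numeric);
CREATE TABLE rls_demo.comments (id int PRIMARY KEY, owner name, body text);

-- notes: RLS is never enabled.
-- profiles: RLS enabled with no policies, so non-owner roles see no rows.
ALTER TABLE rls_demo.profiles ENABLE ROW LEVEL SECURITY;
-- invoices: RLS enabled, but the only policy admits every row.
ALTER TABLE rls_demo.invoices ENABLE ROW LEVEL SECURITY;
CREATE POLICY invoices_all ON rls_demo.invoices
  FOR ALL USING (true) WITH CHECK (true);
-- comments: RLS enabled with an owner-scoped policy.
ALTER TABLE rls_demo.comments ENABLE ROW LEVEL SECURITY;
CREATE POLICY comments_owner ON rls_demo.comments
  FOR ALL USING (owner = current_user) WITH CHECK (owner = current_user);

-- Audit query: one row per table, labelled with the finding it falls under.
SELECT c.relname AS table_name,
       CASE
         WHEN NOT c.relrowsecurity   THEN 'RLS disabled'
         WHEN p.policy_count IS NULL THEN 'RLS enabled, no policies'
         WHEN p.open_policies > 0    THEN 'permissive policy: ' || p.open_names
         ELSE 'ok'
       END AS finding
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN (
  SELECT schemaname, tablename,
         count(*)                                AS policy_count,
         count(*) FILTER (WHERE is_open)         AS open_policies,
         string_agg(policyname::text, ', ')
           FILTER (WHERE is_open)                AS open_names
  FROM (
    -- Assumed heuristic: a PERMISSIVE policy whose USING clause is literally
    -- true, or an INSERT policy whose WITH CHECK clause is literally true.
    SELECT *, (permissive = 'PERMISSIVE'
               AND (qual = 'true'
                    OR (cmd = 'INSERT' AND with_check = 'true'))) AS is_open
    FROM pg_policies
  ) pol
  GROUP BY schemaname, tablename
) p ON p.schemaname = n.nspname AND p.tablename = c.relname
WHERE n.nspname = 'rls_demo' AND c.relkind IN ('r', 'p')
ORDER BY c.relname;
```

On a Supabase project, point the final `WHERE` clause at the `public` schema; policies there would typically compare a column to `auth.uid()` rather than `current_user`.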


Environment Secrets

Secrets like API keys and database credentials are stored in a .env file within your sandbox. Lyna provides a Secrets UI under Settings > Cloud > Secrets where you can:

  • Add, edit, and delete environment variables.
  • View masked values (secrets are never shown in plain text).

Secrets are scoped to your project and excluded when someone clones a public project.

SSL and Transport Security

Every published site runs over HTTPS with an automatically provisioned SSL certificate. Custom domains also get free SSL after DNS verification.


Authentication

Lyna uses Supabase Auth, which provides:

  • Secure password hashing with bcrypt.
  • JWT-based session management.
  • Social auth (Google, GitHub, etc.) with OAuth 2.0.
  • RLS integration so database access is tied to the authenticated user.

Content Moderation

Public projects in the Explore gallery are subject to content moderation. Projects that violate community guidelines can be reported and reviewed. Moderation status is visible in project settings.