Description
Link
This is a gap in the documentation that affects several pages. The most relevant are:
- https://supabase.com/docs/guides/api/api-keys
- https://supabase.com/docs/guides/database/extensions/pg_net#invoke-a-supabase-edge-function
- https://supabase.com/docs/guides/database/vault
- https://supabase.com/docs/guides/database/extensions/pgsodium
- https://supabase.com/docs/guides/database/extensions/pgjwt
Describe the problem
The documentation is missing a clear, up-to-date guide for a common server-to-server use case: having a Postgres cron job securely authenticate itself to call an Edge Function.
A developer trying to implement this with the latest versions of Supabase and Postgres currently faces a series of dead ends:
- The old method of using a static `service_role_key` is no longer available, as the CLI doesn't provide it.
- The `pgjwt` extension, which is referenced in many older community examples, is deprecated in Postgres 17.
- Supabase DOES NOT RECOMMEND any new usage of `pgsodium`
- The Vault documentation explains how to add, view and update secrets, but does not currently provide a high-level function (e.g., `vault.sign_jwt()`) or a clear pattern for creating a `service_role` JWT.
This leaves developers without a clear, officially recommended path forward.
The request needs an Authorization header with a JWT token, but all we have are secrets.
The current docs only reference the legacy `anon_key`. I don't currently see how to go from the secret keys to a signed JWT.
```sql
select net.http_post(
  url := 'https://project-ref.supabase.co/functions/v1/function-name',
  headers := '{"Content-Type": "application/json", "Authorization": "Bearer <YOUR_ANON_KEY>"}'::jsonb,
  body := '{"name": "pg_net"}'::jsonb
) as request_id;
```
Describe the improvement
Please add a new section or a dedicated guide that documents the official, future-proof Supabase pattern for a Postgres function to programmatically authenticate itself for calling an Edge Function from `pg_net` or similar.
This guide should clearly answer:
- What is the recommended way to authenticate an Edge Function from within a Postgres function using `pg_net` with the new API Key/JWT Key paradigm for both local development and production?
Including code examples and guides for both local and production environments for the officially endorsed pattern would be immensely helpful for the community. The local studio environment does not have the settings section that the supabase.com dashboard has, so that will need to be taken into account.
Additional context
This request stems from trying to implement this pattern on a modern Supabase stack. The lack of a clear path can lead to significant development friction.
- Supabase CLI: `2.48.3`
- Postgres Version: `17.6`
- Platform: macOS (Apple Silicon)
- Support Ticket: `SU-270938`
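
The `net.http_post` call quoted in this issue, with the bearer token read from Vault when the job runs instead of being written into the statement, as an added example that is not part of the original issue or of the Supabase docs. The secret names `project_url` and `edge_function_token`, the job name and the schedule are assumptions, and which credential the Edge Function should accept is the question this issue leaves open.

```sql
-- Added example; secret names, job name and schedule are hypothetical.
-- Store the endpoint and the credential once, outside the job definition.
select vault.create_secret('https://project-ref.supabase.co', 'project_url');
select vault.create_secret('<TOKEN_THE_FUNCTION_ACCEPTS>', 'edge_function_token');

-- pg_cron keeps the command text in cron.job, so the scheduled command
-- carries only the secret names; the values are decrypted at run time.
select cron.schedule(
  'invoke-function-name',   -- hypothetical job name
  '*/5 * * * *',            -- hypothetical schedule: every five minutes
  $$
  select net.http_post(
    url := (select decrypted_secret
            from vault.decrypted_secrets
            where name = 'project_url') || '/functions/v1/function-name',
    headers := jsonb_build_object(
      'Content-Type', 'application/json',
      'Authorization', 'Bearer ' || (select decrypted_secret
                                     from vault.decrypted_secrets
                                     where name = 'edge_function_token')
    ),
    body := '{"name": "pg_net"}'::jsonb
  ) as request_id;
  $$
);
```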