[pull] master from supabase:master

apps/docs/content/_partials/metrics_access.mdx

@@ -1,50 +1,51 @@
 <Accordion
-  type="default"
-  openBehaviour="multiple"
-  chevronAlign="right"
-  justified
-  size="medium"
-  className="text-foreground-light mt-8 mb-6 [&>div]:space-y-4"
+type="default"
+openBehaviour="multiple"
+chevronAlign="right"
+justified
+size="medium"
+className="rounded-lg border border-foreground/10 bg-surface-100 text-foreground-light [&>div]:space-y-4 p-4"
 >
 
-<AccordionItem
-header={<span className="text-foreground">What you can do with the Metrics API</span>}
-id="how-do-i-check-when-a-user-went-through-mfa"
->
+    <AccordionItem
+    header={<span className="text-foreground font-medium">What you can do with the Metrics API</span>}
+    id="how-do-i-check-when-a-user-went-through-mfa"
+    className="border-0 px-2 py-4"
+    >
 
-Every Supabase project exposes a metrics feed at `https://<project-ref>.supabase.co/customer/v1/privileged/metrics`. Replace `<project-ref>` with the identifier from your project URL or from the dashboard sidebar.
+    Every Supabase project exposes a metrics feed at `https://<project-ref>.supabase.co/customer/v1/privileged/metrics`. Replace `<project-ref>` with the identifier from your project URL or from the dashboard sidebar.
 
-1. Copy your project reference and confirm the base URL using the helper below.
+    1. Copy your project reference and confirm the base URL using the helper below.
 
-   <ProjectConfigVariables variable="url" />
+    <ProjectConfigVariables variable="url" />
 
-2. Configure your collector to scrape once per minute. The endpoint already emits the full set of metrics on each request.
-3. Authenticate with HTTP Basic Auth:
+    2. Configure your collector to scrape once per minute. The endpoint already emits the full set of metrics on each request.
+    3. Authenticate with HTTP Basic Auth:
 
-   - **Username**: `service_role`
-   - **Password**: a service role secret (JWT) from [**Project Settings > JWT** (opens in a new tab)](/dashboard/project/_/settings/jwt) or any other Secret API key from [**Project Settings > API keys** (opens in a new tab)](/dashboard/project/_/settings/api-keys)
+    - **Username**: `service_role`
+    - **Password**: a service role secret (JWT) from [**Project Settings > JWT** (opens in a new tab)](/dashboard/project/_/settings/jwt) or any other Secret API key from [**Project Settings > API keys** (opens in a new tab)](/dashboard/project/_/settings/api-keys)
 
-Testing locally is as simple as running `curl` with your service role secret:
+    Testing locally is as simple as running `curl` with your service role secret:
 
-```bash
-curl <project-url>/customer/v1/privileged/metrics \
+    ```bash
+    curl <project-url>/customer/v1/privileged/metrics \
     --user 'service_role:sb_secret_...'
-```
+    ```
 
-You can provision long-lived automation tokens in two ways:
+    You can provision long-lived automation tokens in two ways:
 
-- Create an account access token once at [**Account Settings > Access Tokens (opens in a new tab)**](/dashboard/account/tokens) and reuse it wherever you configure observability tooling.
-- **Optional**: programmatically exchange an access token for project API keys via the [Management API ](/docs/reference/api/management-projects-api-keys-retrieve').
+    - Create an account access token once at [**Account Settings > Access Tokens (opens in a new tab)**](/dashboard/account/tokens) and reuse it wherever you configure observability tooling.
+    - **Optional**: programmatically exchange an access token for project API keys via the [Management API ](/docs/reference/api/management-projects-api-keys-retrieve').
 
-```bash
-# (Optional) Exchange an account access token for project API keys
-export SUPABASE_ACCESS_TOKEN="your-access-token"
-export PROJECT_REF="your-project-ref"
+    ```bash
+    # (Optional) Exchange an account access token for project API keys
+    export SUPABASE_ACCESS_TOKEN="your-access-token"
+    export PROJECT_REF="your-project-ref"
 
-curl -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
+    curl -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
     "https://api.supabase.com/v1/projects/$PROJECT_REF/api-keys?reveal=true"
-```
+    ```
 
-</AccordionItem>
+    </AccordionItem>
 
 </Accordion>

docker/.env.example

@@ -10,7 +10,7 @@ SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZX
 DASHBOARD_USERNAME=supabase
 DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated
 SECRET_KEY_BASE=UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq
-VAULT_ENC_KEY=your-encryption-key-32-chars-min
+VAULT_ENC_KEY=your-32-character-encryption-key
 PG_META_CRYPTO_KEY=your-encryption-key-32-chars-min
 
 

docker/docker-compose.yml

@@ -208,15 +208,8 @@ services:
     healthcheck:
       test:
         [
-          "CMD",
-          "curl",
-          "-sSfL",
-          "--head",
-          "-o",
-          "/dev/null",
-          "-H",
-          "Authorization: Bearer ${ANON_KEY}",
-          "http://localhost:4000/api/tenants/realtime-dev/health"
+          "CMD-SHELL",
+          "curl -sSfL --head -o /dev/null -H \"Authorization: Bearer ${ANON_KEY}\" http://localhost:4000/api/tenants/realtime-dev/health"
         ]
       timeout: 5s
       interval: 5s
@@ -236,8 +229,8 @@ services:
       DNS_NODES: "''"
       RLIMIT_NOFILE: "10000"
       APP_NAME: realtime
-      SEED_SELF_HOST: true
-      RUN_JANITOR: true
+      SEED_SELF_HOST: "true"
+      RUN_JANITOR: "true"
 
   # To use S3 backed storage: docker compose -f docker-compose.yml -f docker-compose.s3.yml up
   storage: