happycoding

Supabase and Keycloak: Why I Recommend This Stack to My Clients – and What It Really Costs

4 min read · Matthias Radscheit

I’ve been working in web development for several years and have accompanied many technology decisions during that time – for agencies, startups, and mid-sized companies. Supabase and Keycloak are the combination I rely on in most projects today. Not because it’s the easiest choice, but because it’s the most convincing one in the long run. What that means in concrete terms – including effort and costs – I’ll explain here.

What Is This About?

Every web application needs two things that are often underestimated: a reliable data layer and a well-thought-out user management system. Both can be solved with proprietary managed services – quickly, conveniently, and with a monthly bill that grows with the project’s success. Or you opt for open, self-hostable systems and invest carefully once in the setup.

Supabase handles the data layer: database access, authentication, real-time updates, file storage – all based on PostgreSQL, all open source. Keycloak handles identity management: single sign-on, multi-factor authentication, role management, connection to existing directory services like LDAP. Keycloak has been the de facto standard in this category in the enterprise space for years and is actively maintained by Red Hat.

Together, they form an architecture that scales without needing to be repurchased.

What Speaks in Favor?

The most obvious advantage is data control. Both systems can be operated on your own infrastructure – in Germany, GDPR-compliant, without critical business data sitting with a US provider. For many of my clients, this isn’t an optional requirement but a hard one.

Add to that the development speed. Supabase significantly reduces the effort for backend infrastructure. What used to take weeks can now be set up in days. That’s a concrete economic advantage, especially in early project phases.

And finally: no usage-based surprises. Anyone who has worked with Firebase or Auth0 and had to re-read the pricing table during rapid growth knows what I’m talking about.

What Speaks Against It – or at Least Calls for Caution?

I find it unhelpful to conceal these points.

Keycloak is not a tool you configure on the side. Setting up a production-ready system – with correct realm configurations, SSO flows, secure token management, and connection to Supabase – typically takes several days if you’re doing it for the first time. Those without experience in identity management regularly underestimate this.

Supabase is a young platform. It evolves quickly, which means APIs occasionally change and certain features don’t yet have the maturity of long-established systems. For production-critical environments, careful update management is part of the operational routine.

Self-hosting means operational responsibility. Updates, backups, monitoring, security patches – these don’t go away, they’re just in different hands. If you can’t or don’t want to handle this internally, you should consider Supabase Cloud and a managed Keycloak service. Costs increase, but effort decreases.

What Does It Really Cost?

License Costs

Both tools are open source. License costs are zero.

Infrastructure

For an application with a few hundred to a few thousand active users, a server with 4–8 GB RAM is sufficient to start. At Hetzner – an obvious choice for GDPR-compliant deployments in Germany – that’s about 20–50 euros per month. If you need high availability with redundant instances and a separate database layer, you’re realistically looking at 150–400 euros monthly, depending on the load profile.

Implementation

This is the cost block that’s most frequently underestimated. A clean initial implementation – Keycloak setup, Supabase integration, security configuration, testing – typically runs between 5,000 and 20,000 euros in development effort, depending on project scope. This is a one-time investment.

Those who want to avoid this effort and rely on managed services instead pay continuously. For a mid-sized project, this adds up to a multiple of that amount over three to five years.

Operations

With reasonable automation and stable architecture, I estimate 2–5 hours of monthly maintenance effort for updates, monitoring, and backups. That’s predictable – unlike the variable costs of usage-based services.

Three-Year Total Picture

Over three years, a typical mid-sized web application with this stack costs between 40,000 and 80,000 euros – including infrastructure, implementation, and maintenance – depending on complexity. A comparable setup with proprietary managed services costs roughly double in the same period, often more. And that’s without the flexibility and data control this stack provides.

The key difference: The costs of this stack decrease over time. The costs of managed services increase with the project’s success.

Who Is This the Right Choice For?

I recommend this stack when three conditions are met: data control is a real requirement, the project has a medium to long time horizon, and there’s a development team – internal or external – that carefully handles the initial setup.

Anyone who wants to set up a quick experiment without long-term ambitions is initially better served with Firebase or similar services. For everything else, the calculation is worth it.