Environment Variables
Configure your Went application with environment variables for each environment it runs in.
Required Variables
DATABASE_URL=postgresql://username:password@localhost:5432/database
PostgreSQL connection string for your database. Used by Prisma for database operations.
DIRECT_URL=postgresql://username:password@localhost:5432/database
Direct database connection URL. Required for some hosting providers like Supabase.
AUTH_SECRET=your-32-character-secret-key
Secret key for NextAuth.js session encryption. Generate with openssl rand -base64 32
NEXTAUTH_URL=http://localhost:3000
Base URL of your application. Used for callback URLs and redirects.
Optional Variables
RESEND_API_KEY=re_123456789
Resend API key for sending emails (password reset, welcome emails).
Note: Without this variable, email functionality will be disabled but the app will still work.
GOOGLE_CLIENT_ID=your-google-client-id
Google OAuth client ID from Google Cloud Console.
GOOGLE_CLIENT_SECRET=your-google-client-secret
Google OAuth client secret from Google Cloud Console.
Tip: When both Google OAuth variables are set, Google sign-in buttons automatically appear.
STRIPE_SECRET_KEY=sk_test_or_live_key
Stripe secret key for processing payments.
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_or_live_key
Stripe publishable key for client-side Stripe integration.
STRIPE_WEBHOOK_SECRET=whsec_webhook_secret
Stripe webhook endpoint secret for verifying webhook signatures.
Environment Setup
# Database
DATABASE_URL="postgresql://user:password@localhost:5432/went_db"
DIRECT_URL="postgresql://user:password@localhost:5432/went_db"

# Authentication
AUTH_SECRET="your-32-character-secret-key-here"
NEXTAUTH_URL="http://localhost:3000"

# Email (Optional)
RESEND_API_KEY="re_your_resend_api_key"

# Google OAuth (Optional)
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"

# Stripe (Optional)
STRIPE_SECRET_KEY="sk_test_your_stripe_secret_key"
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_your_stripe_publishable_key"
STRIPE_WEBHOOK_SECRET="whsec_your_webhook_secret"
Development
Use local database and test API keys:
DATABASE_URL="postgresql://localhost:5432/went_dev"
NEXTAUTH_URL="http://localhost:3000"
Production
Use production database and live API keys:
DATABASE_URL="postgresql://prod-server:5432/went_prod"
NEXTAUTH_URL="https://yourdomain.com"
Security Best Practices
Never Commit Secrets
- Add .env to your .gitignore file
- Use .env.example for documenting required variables
- Never hardcode secrets in your source code
- Use different secrets for different environments
Deployment Considerations
- Use your hosting platform's environment variable settings
- Rotate secrets regularly in production
- Use strong, randomly generated secrets
- Validate required environment variables on startup
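One way to implement the startup validation recommended above, as an added example rather than code from Went itself. validateEnv is a hypothetical helper, and the production-only rules (https NEXTAUTH_URL, no Stripe test key, no sample values from this page) are assumptions about a typical deployment.

```javascript
// Added example: validateEnv is a hypothetical helper, not part of Went or NextAuth.js.
const REQUIRED = ["DATABASE_URL", "DIRECT_URL", "AUTH_SECRET", "NEXTAUTH_URL"];
const OPTIONAL = ["RESEND_API_KEY", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET",
  "STRIPE_SECRET_KEY", "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY", "STRIPE_WEBHOOK_SECRET"];
// Fragments of the sample values shown on this page; none belongs in a live deployment.
const PLACEHOLDERS = ["your-", "your_", "yourdomain.com", "username:password@",
  "user:password@", "_test_or_live_", "re_123456789", "whsec_webhook_secret"];

function validateEnv(env, mode = env.NODE_ENV || "development") {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name] || !env[name].trim()) errors.push(`${name} is required`);
  }
  // `openssl rand -base64 32` yields 44 characters; reject anything under 32.
  if (env.AUTH_SECRET && env.AUTH_SECRET.length < 32) {
    errors.push("AUTH_SECRET is shorter than 32 characters");
  }
  // Google sign-in needs both halves of the credential pair.
  if (Boolean(env.GOOGLE_CLIENT_ID) !== Boolean(env.GOOGLE_CLIENT_SECRET)) {
    errors.push("GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET must be set together");
  }
  // Next.js inlines NEXT_PUBLIC_ values into the browser bundle, so a
  // server-side credential under that prefix is published to every visitor.
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith("NEXT_PUBLIC_") && /^(sk_|whsec_|re_)/.test(value || "")) {
      errors.push(`${name} exposes a server-side secret to the client`);
    }
  }
  if (mode === "production") {
    for (const name of [...REQUIRED, ...OPTIONAL]) {
      if (PLACEHOLDERS.some((p) => (env[name] || "").includes(p))) {
        errors.push(`${name} still contains a sample placeholder value`);
      }
    }
    if (env.NEXTAUTH_URL && !env.NEXTAUTH_URL.startsWith("https://")) {
      errors.push("NEXTAUTH_URL must use https in production");
    }
    if ((env.STRIPE_SECRET_KEY || "").startsWith("sk_test_")) {
      errors.push("STRIPE_SECRET_KEY is a test key in production");
    }
  }
  return errors;
}

// Call once at boot, before the server accepts requests:
//   const problems = validateEnv(process.env);
//   if (problems.length) { console.error(problems.join("\n")); process.exit(1); }
```

The error messages name the variable only and never echo its value, so the output can go to deployment logs without leaking a secret.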
Development Tips
- Copy .env.example to .env to get started
- Use tools like dotenv-cli for environment switching
- Document new environment variables in .env.example
- Test with different environment configurations
Quick Setup
1. Copy the example environment file:
cp .env.example .env
2. Generate a secure AUTH_SECRET:
openssl rand -base64 32
3. Update your database connection string and run migrations:
went db migrate init