Environment Variables
Secure configuration management across development, staging, and production environments using .env files and proper secret handling
Environment Variables
Environment variables securely manage configuration across different environments (development, production) without committing sensitive data to version control.
Overview
Each application and package uses .env files for environment-specific configuration:
.env.local- Local development variables (gitignored).env.example- Template showing required variables.env.production- Production environment variables
These files are not committed to version control and should be created from the provided .env.example files.
Setup
- Copy the relevant
.env.examplefile to.env,.env.local, or.env.productionin each app/package.
find . -name ".env.example" -execdir sh -c 'cp .env.example .env' \;- Fill in the required values in each
.envfile as described below.
Quick Start
To run locally with basic functionality, configure these required variables:
- Database
DATABASE_URL=postgres://postgres:password@localhost:5432/appFor local development, we recommend Supabase for a managed PostgreSQL database. Set up a free project and get the connection string.
- Authentication Secret
Add to both apps/api/.env.local and apps/web/.env.local (must be identical):
BETTER_AUTH_SECRET=your-generated-secret
Generate a secure secret for Better Auth:
# Option 1: Using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# Option 2: Using OpenSSL
openssl rand -hex 32
# Option 3: Online generator
# Visit: https://generate-secret.vercel.app/32The BETTER_AUTH_SECRET must be identical in both apps/api/.env.local
and apps/web/.env.local. Copy and paste the same generated value in both
files.
- OAuth Credentials
Add to apps/web/.env.local and apps/api/.env:
GOOGLE_CLIENT_ID=your-google-client-idGOOGLE_CLIENT_SECRET=your-google-client-secretNEXT_PUBLIC_BASE_URL=http://localhost:3000
Set up OAuth credentials in the Google Cloud
Console. Use
http://localhost:3000/api/auth/callback/google as the redirect URI.
- Email Service (Resend)
Add to apps/web/.env.local, apps/api/.env.local and packages/email/.env.local:
RESEND_TOKEN=your-resend-tokenRESEND_EMAIL_FROM=your@email.com
Sign up at Resend to get an API token and set up a
verified sender email.
- Rate Limiting
Add to apps/api/.env.local and packages/rate-limit/.env.local:
UPSTASH_REDIS_REST_URL=your-upstash-urlUPSTASH_REDIS_REST_TOKEN=your-upstash-token
Use Upstash for a managed Redis instance. Set up a
free database and get the REST_URL and TOKEN.
Environment Variable Files
build-elevate uses the following .env files:
| File | Description |
|---|---|
apps/web/.env.local | Web Application Variables |
apps/api/.env.local | API Server Variables |
packages/db/.env | Database connection and Prisma config |
packages/email/.env | React Email templates and Resend integration |
packages/rate-limit/.env | Upstash Redis config |
Adding New Variables
To add new environment variables:
- Define the variable in the appropriate
.envfile. - Add validation to the server or client object in the package's
keys.tsfile.
Example packages/package-name/keys.ts:
import { createEnv } from "@t3-oss/env-nextjs";
import { z } from "zod";
export const keys = createEnv({
server: {
NEW_SECRET: z.string().min(1),
},
client: {
NEXT_PUBLIC_NEW_VALUE: z.string().optional(),
},
runtimeEnv: {
NEW_SECRET: process.env.NEW_SECRET,
NEXT_PUBLIC_NEW_VALUE: process.env.NEXT_PUBLIC_NEW_VALUE,
},
});Deployment
When deploying to production:
-
Ensure all required environment variables are set in your hosting platform (e.g., Vercel, Heroku, etc.). Refer to their documentation for setting environment variables.
-
Update URL variables (
NEXT_PUBLIC_APP_URL, etc.) to production values as needed.
Variables prefixed with VERCEL_ are automatically available in Vercel
deployments, such as VERCEL_PRODUCTION_URL.