Skip to content

Environment Variables

File Conventions

The project uses Vite's env file convention:

FileCommittedPurpose
.envYesShared defaults (placeholder values, no real secrets)
.env.localNoLocal overrides with real credentials
.env.staging.localNoStaging-specific overrides
.env.production.localNoProduction-specific overrides

.env.local takes precedence over .env. Create it by copying .env and filling in real values:

bash
cp .env .env.local

WARNING

Never put real secrets in .env – it's committed to git. Use .env.local for anything sensitive.

Cloudflare Worker Bindings

In production, environment variables are set as Worker secrets or bindings – not from .env files. Configure them in the Cloudflare dashboard or via Wrangler:

bash
wrangler secret put BETTER_AUTH_SECRET

Database connections use Hyperdrive bindings (HYPERDRIVE_CACHED, HYPERDRIVE_DIRECT) instead of raw connection strings. See Deployment for production setup.

For local development, Wrangler reads Hyperdrive connection strings from the CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_* variables in .env / .env.local.

Variable Reference

Application

VariableRequiredDescription
APP_NAMEYesDisplay name used in emails and passkey prompts
APP_ORIGINYesFull origin URL (e.g., http://localhost:5173)
API_ORIGINYesAPI server URL (e.g., http://localhost:8787)
ENVIRONMENTYesdevelopment, staging, or production
GOOGLE_CLOUD_PROJECTYesGoogle Cloud project ID (exposed to frontend)

Database

VariableRequiredDescription
DATABASE_URLYesPostgreSQL connection string
CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE_CACHEDDev onlyHyperdrive cached connection for local dev
CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE_DIRECTDev onlyHyperdrive direct connection for local dev

Authentication

VariableRequiredDescription
BETTER_AUTH_SECRETYesSecret for signing sessions and tokens. Generate with bunx @better-auth/cli secret
GOOGLE_CLIENT_IDYesGoogle OAuth client ID (console)
GOOGLE_CLIENT_SECRETYesGoogle OAuth client secret

See Authentication for provider setup details.

AI

VariableRequiredDescription
OPENAI_API_KEYYesOpenAI API key (AI SDK)

Email

VariableRequiredDescription
RESEND_API_KEYYesResend API key for sending emails
RESEND_EMAIL_FROMYesSender address (e.g., Your App <[email protected]>)

Billing (Optional)

Stripe billing is optional – the app works without these variables, but billing endpoints return 404.

VariableRequiredDescription
STRIPE_SECRET_KEYNoStripe API secret key
STRIPE_WEBHOOK_SECRETNoStripe webhook signing secret
STRIPE_STARTER_PRICE_IDNoStripe Price ID for the Starter plan
STRIPE_PRO_PRICE_IDNoStripe Price ID for the Pro plan (monthly)
STRIPE_PRO_ANNUAL_PRICE_IDNoStripe Price ID for the Pro plan (annual)

See Billing for Stripe configuration.

Cloudflare

VariableRequiredDescription
CLOUDFLARE_ACCOUNT_IDDeploy onlyCloudflare account ID
CLOUDFLARE_ZONE_IDDeploy onlyDNS zone ID for custom domains
CLOUDFLARE_API_TOKENDeploy onlyAPI token for Wrangler deployments
VariableRequiredDescription
GA_MEASUREMENT_IDNoGoogle Analytics 4 measurement ID
ALGOLIA_APP_IDNoAlgolia application ID
ALGOLIA_ADMIN_API_KEYNoAlgolia admin API key