Environment Variables
All environment variables are configured in the root .env file, shared by both frontend and backend.
cp .env.example .env
Security
Variables are scoped by prefix:
| Prefix | Accessible From | Notes |
|---|
PUBLIC_ | Frontend + Website + Backend | Exposed to browser, do not put sensitive data |
| No prefix | Backend only | Not included in frontend bundles |
Backend Variables (Server Only)
Basic Config
| Variable | Description | Example |
|---|
NODE_ENV | Runtime environment | development / production |
CONFIG_SUFFIX | Config file suffix | example |
ALLOWED_ORIGINS | Allowed CORS origins, comma-separated | example.com,app.example.com |
Database & Cache
| Variable | Description | Example |
|---|
POSTGRES_CONNECTION_STRING | PostgreSQL connection string | postgresql://admin:admin@localhost:5432/readystart |
VALKEY_CONNECTION_STRING | Valkey/Redis connection string | redis://localhost:6379 |
VALKEY_PREFIX | Cache key prefix | prod: |
JWT
| Variable | Description | Example |
|---|
JWT_SECRET | JWT signing secret | your-secret-key |
JWT_EXPIRES_IN | Token expiration | 365d |
Stripe Payments
| Variable | Description |
|---|
STRIPE_SECRET_KEY | Stripe API key |
STRIPE_WEBHOOK_SECRET_KEY | Webhook signing secret |
Email (SMTP)
| Variable | Description | Example |
|---|
MAIL_SEND_ENABLED | Enable email sending | true / false |
MAIL_HOST | SMTP host | email-smtp.us-east-1.amazonaws.com |
MAIL_PORT | SMTP port | 587 |
MAIL_USER | SMTP username | — |
MAIL_PASS | SMTP password | — |
MAIL_FROM_NAME | Sender name | Your App Name |
MAIL_FROM_ADDRESS | Sender email | no-reply@example.com |
MAIL_SUPPORT_URL | Support page URL | https://www.example.com/support |
MAIL_UNSUBSCRIBE_URL | Unsubscribe URL | https://console.example.com/settings/notifications |
Google OAuth
| Variable | Description |
|---|
GOOGLE_CLIENT_ID | Google OAuth Client ID |
Cloudflare Turnstile
| Variable | Description |
|---|
TURNSTILE_VERIFY_URL | Verification endpoint |
TURNSTILE_SECRET_KEY | Server-side secret key |
Cloudflare R2 Storage
| Variable | Description |
|---|
R2_ACCOUNT_ID | Cloudflare Account ID |
R2_ACCESS_KEY_ID | R2 access key |
R2_SECRET_ACCESS_KEY | R2 secret key |
R2_BUCKET_NAME | Bucket name |
R2_PUBLIC_DOMAIN | Public access domain |
AWS (Optional)
Not needed if using IAM Roles on EC2/ECS.
| Variable | Description |
|---|
AWS_REGION | AWS region |
AWS_ACCESS_KEY_ID | Access key |
AWS_SECRET_ACCESS_KEY | Secret key |
Frontend Variables (PUBLIC_ prefix)
Shared by frontend (console) and website. Exposed to the browser.
| Variable | Description | Example |
|---|
PUBLIC_BACK_END | Backend API URL | http://localhost:16888 |
PUBLIC_CONSOLE_URL | Frontend URL (also used for Stripe callbacks) | http://localhost:5173 |
PUBLIC_TITLE | App name | Your App Name |
PUBLIC_GOOGLE_CLIENT_ID | Google OAuth Client ID (frontend) | — |
PUBLIC_TURNSTILE | Turnstile frontend Site Key | — |
PUBLIC_SUPPORT_EMAIL | Contact email (shown on legal pages) | support@example.com |
PUBLIC_LEDAL_TERMS | Terms of service URL | /legal/terms |
PUBLIC_LEDAL_PRIVACY | Privacy policy URL | /legal/privacy |
PUBLIC_CONSOLE_CLARITY_PROJECT_ID | Console Clarity project ID (optional) | — |
PUBLIC_WEBSITE_CLARITY_PROJECT_ID | Website Clarity project ID (optional) | — |