ignitionstack.pro v1.0 is out! Read the announcement →
Skip to Content

Environment Variables

Complete reference for all environment variables in ignitionstack.pro. All integrations (Supabase, Stripe, analytics, Resend, etc.) are controlled via .env variables.

Quick Start

Copy the Example File

cp .env.example .env

Edit with Your Credentials

Open .env and fill in your values:

# Required
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
AUTH_SECRET=your-auth-secret

Start Development

npm run dev

Never commit .env to Git! Add it to .gitignore and use .env.example as a template.

Variable Categories

Supabase (Required)

VariablePublicDescription
NEXT_PUBLIC_SUPABASE_URLYesSupabase project URL
NEXT_PUBLIC_SUPABASE_ANON_KEYYesSupabase anonymous key (respects RLS)
SUPABASE_SERVICE_ROLE_KEYNoService role key (bypasses RLS)
# Get from: https://app.supabase.com/project/_/settings/api
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...
SUPABASE_SERVICE_ROLE_KEY=eyJ...

Never expose SUPABASE_SERVICE_ROLE_KEY in client-side code. It bypasses Row Level Security!

Authentication

VariablePublicDescription
AUTH_SECRETNoNextAuth secret key
AUTH_GOOGLE_IDNoGoogle OAuth client ID
AUTH_GOOGLE_SECRETNoGoogle OAuth client secret
ADMIN_AUTH_SECRETNoAdmin session encryption secret
# Generate secret: openssl rand -base64 32
AUTH_SECRET=your-nextauth-secret-key
 
# Google OAuth: https://console.cloud.google.com/apis/credentials
AUTH_GOOGLE_ID=your-google-oauth-client-id
AUTH_GOOGLE_SECRET=your-google-oauth-client-secret
 
# Admin session encryption
ADMIN_AUTH_SECRET=your-admin-secret-key

Stripe Payments

VariablePublicDescription
STRIPE_SECRET_KEYNoStripe secret API key
NEXT_PUBLIC_STRIPE_PUBLIC_KEYYesStripe publishable key
STRIPE_WEBHOOK_SECRET_KEYNoWebhook signing secret
STRIPE_PRODUCT_IDNoYour Stripe product ID
NEXT_PUBLIC_STRIPE_PRICE_ID_LIFETIMEYesLifetime plan price ID
NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLYYesMonthly plan price ID
STRIPE_CLIENT_IDNoStripe Connect client ID
# Get from: https://dashboard.stripe.com/apikeys
STRIPE_SECRET_KEY=sk_test_...
NEXT_PUBLIC_STRIPE_PUBLIC_KEY=pk_test_...
 
# Product & Prices
STRIPE_PRODUCT_ID=prod_...
NEXT_PUBLIC_STRIPE_PRICE_ID_LIFETIME=price_...
NEXT_PUBLIC_STRIPE_PRICE_ID_MONTHLY=price_...
 
# Webhook: https://dashboard.stripe.com/webhooks
STRIPE_WEBHOOK_SECRET_KEY=whsec_...
STRIPE_CLIENT_ID=ca_...

Use sk_test_ and pk_test_ keys for development. Switch to sk_live_ and pk_live_ for production.

Email (Resend)

VariablePublicDescription
RESEND_API_KEYNoResend API key
RESEND_API_EMAIL_FROMNoSender email address
RESEND_WEBHOOK_SECRETNoWebhook verification secret
CONTACT_RECEIVER_EMAILNoContact form recipient
# Get from: https://resend.com/
RESEND_API_KEY=re_...
RESEND_API_EMAIL_FROM=noreply@yourdomain.com
RESEND_WEBHOOK_SECRET=your-webhook-secret
CONTACT_RECEIVER_EMAIL=contact@yourdomain.com

Analytics

VariablePublicDescription
NEXT_PUBLIC_GA_IDYesGoogle Analytics 4 ID
AUTH_MIXPANEL_TOKENNoMixpanel project token
# Google Analytics: https://analytics.google.com/
NEXT_PUBLIC_GA_ID=G-XXXXXXXXXX
 
# Mixpanel: https://mixpanel.com/
AUTH_MIXPANEL_TOKEN=your-mixpanel-token

Contact Channels

VariablePublicDescription
NEXT_PUBLIC_CONTACT_WHATSAPP_URLYesWhatsApp chat URL
NEXT_PUBLIC_CONTACT_EMAILYesPublic contact email
NEXT_PUBLIC_CONTACT_CALENDLY_URLYesCalendly booking URL
NEXT_PUBLIC_CONTACT_WHATSAPP_URL=https://wa.me/your_phone_number
NEXT_PUBLIC_CONTACT_EMAIL=contact@yourdomain.com
NEXT_PUBLIC_CONTACT_CALENDLY_URL=https://calendly.com/your_username

AI Chatbot

VariablePublicDescription
AI_ENCRYPTION_KEYNoKey for encrypting user API keys
OLLAMA_BASE_URLNoOllama server URL
OPENAI_API_KEYNoOpenAI API key
GOOGLE_AI_API_KEYNoGoogle AI (Gemini) key
ANTHROPIC_API_KEYNoAnthropic (Claude) key
NEXT_PUBLIC_ENABLE_AI_CHATYesEnable AI chat in UI
# Encryption (REQUIRED): openssl rand -hex 32
AI_ENCRYPTION_KEY=your_encryption_key_min_32_chars
 
# AI Providers (optional - users can provide their own)
OPENAI_API_KEY=sk-...
GOOGLE_AI_API_KEY=...
ANTHROPIC_API_KEY=sk-ant-...
 
# Ollama (local/remote)
OLLAMA_BASE_URL=http://localhost:11434
 
# Feature flag
NEXT_PUBLIC_ENABLE_AI_CHAT=true

AI Feature Flags

VariableDefaultDescription
ENABLE_AI_RAGtrueDocument upload & vector search
ENABLE_AI_FUNCTION_CALLINGtrueTools/function calling
ENABLE_AI_MULTIMODALtrueImage/PDF analysis
ENABLE_AI_BILLINGtrueCredits/billing system
ENABLE_AI_MODERATIONtrueContent moderation
ENABLE_AI_PII_DETECTIONtruePII detection & masking
ENABLE_AI_RAG=true
ENABLE_AI_FUNCTION_CALLING=true
ENABLE_AI_MULTIMODAL=true
ENABLE_AI_BILLING=true
ENABLE_AI_MODERATION=true
ENABLE_AI_PII_DETECTION=true

AI Performance

VariableDefaultDescription
AI_DEFAULT_TIMEOUT_MS30000Request timeout (ms)
AI_CIRCUIT_BREAKER_THRESHOLD5Failures before circuit opens
AI_DEFAULT_TIMEOUT_MS=30000
AI_CIRCUIT_BREAKER_THRESHOLD=5

Environment-Specific Files

FilePurpose
.envLocal development
.env.exampleTemplate (commit this)
.env.productionProduction overrides
.env.testTest environment

Accessing Variables

Server-Side

// In Server Components, Server Actions, API Routes
const key = process.env.SUPABASE_SERVICE_ROLE_KEY

Client-Side

// Only NEXT_PUBLIC_ prefixed variables
const url = process.env.NEXT_PUBLIC_SUPABASE_URL

Only variables prefixed with NEXT_PUBLIC_ are exposed to the browser. Never prefix sensitive keys with NEXT_PUBLIC_.

Validation

ignitionstack.pro validates environment variables at build time:

// lib/env.ts
import { z } from 'zod'
 
const envSchema = z.object({
  NEXT_PUBLIC_SUPABASE_URL: z.string().url(),
  NEXT_PUBLIC_SUPABASE_ANON_KEY: z.string().min(1),
  SUPABASE_SERVICE_ROLE_KEY: z.string().min(1),
  AUTH_SECRET: z.string().min(32),
})
 
export const env = envSchema.parse(process.env)

CI/CD Setup

Vercel

Add environment variables in Project Settings > Environment Variables.

GitHub Actions

env:
  NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
  SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_KEY }}

Docker

# Pass at runtime
docker run -e SUPABASE_SERVICE_ROLE_KEY=xxx myapp
 
# Or use .env file
docker run --env-file .env.production myapp

Security Checklist

Next Steps