Configuration

Environment variables

Learn how to configure environment variables.

Environment variables are defined in the .env file in the root of the repository and in the root of the apps/web package.

  • Shared environment variables: Defined in the root .env file. These are shared between environments (e.g., development, staging, production) and apps (e.g., web, mobile).
  • Environment-specific variables: Defined in .env.development and .env.production files. These are specific to the development and production environments.
  • App-specific variables: Defined in the app-specific directory (e.g., apps/web). These are specific to the app and are not shared between apps.
  • Secret keys: Not stored in the .env file. Instead, they are stored in the environment variables of the CI/CD system.
  • Local secret keys: If you need to use secret keys locally, you can store them in the .env.local file. This file is not committed to Git, making it safe for sensitive information.

Shared variables

Here you can add all the environment variables that are shared across all the apps. This file should be located in the root of the project.

To override these variables in a specific environment, please add them to the specific environment file (e.g. .env.development, .env.production).

.env.local
# Shared environment variables
 
# Supabase config to be used in apps to create Supabase clients.
SUPABASE_ANON_KEY=""
SUPABASE_URL="http://127.0.0.1:54321"
 
# The name of the product. This is used in various places across the apps.
PRODUCT_NAME="TurboStarter"
 
# The title of the site. This is used in the <title> tag of the site.
SITE_TITLE="Ship your startup everywhere. In minutes."
 
...

App-specific variables

Here you can add all the environment variables that are specific to the app (e.g. apps/web).

You can also override the shared variables defined in the root .env file.

apps/web/.env.local
# App-specific environment variables
 
# Env variables extracted from shared to be exposed to the client in Next.js app
NEXT_PUBLIC_SUPABASE_ANON_KEY="${SUPABASE_ANON_KEY}"
NEXT_PUBLIC_SUPABASE_URL="${SUPABASE_URL}"
NEXT_PUBLIC_PRODUCT_NAME="${PRODUCT_NAME}"
NEXT_PUBLIC_SITE_TITLE="${SITE_TITLE}"
NEXT_PUBLIC_SITE_URL="${SITE_URL}"
NEXT_PUBLIC_SITE_DESCRIPTION="${SITE_DESCRIPTION}"
NEXT_PUBLIC_URL="${SITE_URL}"
 
# Use this variable to enable or disable password-based authentication. If you set this to true, users will be able to sign up and sign in using their email and password. If you set this to false, the form won't be shown.
NEXT_PUBLIC_AUTH_PASSWORD="true"
 
...

NEXT_PUBLIC_ prefix

To make environment variables available in the Next.js client-side app code, you need to prefix them with NEXT_PUBLIC_. They will be injected to the code during the build process.

Only environment variables prefixed with NEXT_PUBLIC_ will be injected, so don't use this prefix for environment variables that should be used only in the server-side code.

Read more about Next.js environment variables.

Secret keys

Secret keys and sensitive information are to be never stored in the .env file. Instead, they are stored in the environment variables of the CI/CD system.

What does this mean?

It means that you will need to add the secret keys to the environment variables of your CI/CD system (e.g., GitHub Actions, Vercel, Cloudflare, your VPS, Netlify, etc.). This is not a TurboStarter-specific requirement, but a best practice for security for any application. Ultimately, it's your choice.

Below is some examples of "what is a secret key?" in practice.

.env.local
# Secret keys
 
# The database URL is used to connect to your Supabase database.
DATABASE_URL="postgresql://postgres:postgres@127.0.0.1:54322/postgres"
 
# Stripe server config - required only if you use Stripe as a billing provider
STRIPE_WEBHOOK_SECRET=""
STRIPE_SECRET_KEY=""
 
# Lemon Squeezy server config - required only if you use Lemon Squeezy as a billing provider
LEMON_SQUEEZY_API_KEY=""
LEMON_SQUEEZY_SIGNING_SECRET=""
LEMON_SQUEEZY_STORE_ID=""
 
...

Secrets used locally

If you need to use secret keys locally, you can store them in the .env.local file. This file is not committed to Git, therefore it is safe to store sensitive information in it.

Last updated on

Previous

Managing dependencies

Next

App configuration

On this page

Shared variables
App-specific variables
Secret keys
Ship your startup everywhere. In minutes.Get TurboStarter