S

Configuration

Environment variables for authentication, payments, email, and analytics.

Database

.env
DATABASE_URL="postgresql://user:pass@localhost:5432/dbname"

Use Neon for production PostgreSQL.

Authentication

.env
# Required - generate with: openssl rand -base64 32
AUTH_SECRET="your-secret-key"


# Google OAuth (optional)
AUTH_GOOGLE_ID="your-client-id.googleusercontent.com"
AUTH_GOOGLE_SECRET="your-client-secret"

For Google OAuth, add redirect URI: http://localhost:3000/api/auth/callback/google

Stripe

.env
STRIPE_SECRET_KEY="sk_test_..."
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_..."
STRIPE_WEBHOOK_SECRET="whsec_..."


# Price IDs from Stripe Dashboard
STRIPE_PRICE_PRO_MONTHLY="price_..."
STRIPE_PRICE_PRO_YEARLY="price_..."
STRIPE_PRICE_ULTRA_MONTHLY="price_..."
STRIPE_PRICE_ULTRA_YEARLY="price_..."

Create webhook endpoint at /api/webhooks/stripe. See Stripe guide.

Email

.env
AUTH_RESEND_KEY="re_..."
EMAIL_FROM="noreply@yourdomain.com"

Get API key from Resend. EMAIL_FROM must use your verified domain.

Analytics

.env
NEXT_PUBLIC_POSTHOG_KEY="phc_..."
NEXT_PUBLIC_POSTHOG_HOST="https://eu.i.posthog.com"

Complete Example

.env
# Database
DATABASE_URL="postgresql://user:pass@localhost:5432/dbname"


# Auth
AUTH_SECRET="your-secret-key"
AUTH_GOOGLE_ID="your-client-id"
AUTH_GOOGLE_SECRET="your-client-secret"


# Email
AUTH_RESEND_KEY="re_..."
EMAIL_FROM="noreply@yourdomain.com"


# Stripe
STRIPE_SECRET_KEY="sk_test_..."
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_..."
STRIPE_WEBHOOK_SECRET="whsec_..."
STRIPE_PRICE_PRO_MONTHLY="price_..."
STRIPE_PRICE_PRO_YEARLY="price_..."
STRIPE_PRICE_ULTRA_MONTHLY="price_..."
STRIPE_PRICE_ULTRA_YEARLY="price_..."


# Analytics
NEXT_PUBLIC_POSTHOG_KEY="phc_..."
NEXT_PUBLIC_POSTHOG_HOST="https://eu.i.posthog.com"


# Security
CRON_SECRET="your-cron-secret"


# Admin Access (comma-separated emails)
ADMIN_EMAILS="you@example.com,cofounder@example.com"

Branding

Replace these files in public/ with your logo:

public/favicon.ico — Legacy browsers (32x32)
public/icon.svg — Modern browsers (vector)
public/apple-icon.png — iOS home screen (180x180)

Update site title in src/app/layout.tsx and header logo in src/components/Header.tsx.

Tips

Environments

  • • Use test Stripe keys in development
  • • Separate databases per environment
  • • Different AUTH_SECRET per environment

Security

  • • Never commit .env to git
  • • Rotate API keys regularly
  • • Use Vercel for production secrets

Next: Authentication

OAuth, magic links, and session management

Continue →