-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.example
More file actions
157 lines (139 loc) · 8.18 KB
/
env.example
File metadata and controls
157 lines (139 loc) · 8.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# Supabase - Local Development
VITE_SUPABASE_URL=http://localhost:54321
VITE_SUPABASE_ANON_KEY=your-local-anon-key
EXPO_PUBLIC_SUPABASE_URL=http://localhost:54321
EXPO_PUBLIC_SUPABASE_ANON_KEY=your-local-anon-key
# Observability (Sentry) — optional; leave empty to disable error reporting locally
# Web: apps/web/.env.local (or root .env.local for Vite)
VITE_SENTRY_DSN=
# Mobile: apps/mobile/.env.local
EXPO_PUBLIC_SENTRY_DSN=
# Set in CI at build time (#299); omit locally unless testing release/source maps
VITE_SENTRY_RELEASE=
VITE_SENTRY_ENVIRONMENT=
EXPO_PUBLIC_SENTRY_RELEASE=
EXPO_PUBLIC_SENTRY_ENVIRONMENT=
SUPABASE_URL=http://localhost:54321
SUPABASE_ANON_KEY=your-local-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-local-service-role-key
# Multi-device Development (optional)
# For testing real-time features across multiple devices, use nip.io with your LAN IP
# IMPORTANT: VITE_DEV_HOST should be just the hostname (no http:// or port number)
# Example: VITE_DEV_HOST=beaker-stack-192-168-0-196.nip.io
# Then update VITE_SUPABASE_URL and EXPO_PUBLIC_SUPABASE_URL to use the same domain
VITE_DEV_HOST=
# Additional redirect URL for Supabase OAuth (use full HTTPS URL with port)
# Example: SUPABASE_ADDITIONAL_REDIRECT_URL=https://beaker-stack-192-168-0-196.nip.io:5173
SUPABASE_ADDITIONAL_REDIRECT_URL=
# Site URL for OAuth redirects (where Supabase redirects after successful auth)
# Example: SUPABASE_AUTH_SITE_URL=https://beaker-stack-192-168-0-196.nip.io:5173
# For localhost development, use: SUPABASE_AUTH_SITE_URL=http://localhost:5173
SUPABASE_AUTH_SITE_URL=http://localhost:5173
# Supabase - Production
PRODUCTION_SUPABASE_URL=your-production-supabase-url
PRODUCTION_SUPABASE_ANON_KEY=your-production-anon-key
PRODUCTION_SUPABASE_SERVICE_ROLE_KEY=your-production-service-role-key
PRODUCTION_SUPABASE_PROJECT_REF=your-production-project-ref
# Supabase - Staging
STAGING_SUPABASE_URL=your-staging-supabase-url
STAGING_SUPABASE_ANON_KEY=your-staging-anon-key
STAGING_SUPABASE_SERVICE_ROLE_KEY=your-staging-service-role-key
STAGING_SUPABASE_PROJECT_REF=your-staging-project-ref
# Supabase - PR Testing (shared for all PRs)
PR_TESTING_SUPABASE_URL=your-pr-testing-supabase-url
PR_TESTING_SUPABASE_ANON_KEY=your-pr-testing-anon-key
PR_TESTING_SUPABASE_SERVICE_ROLE_KEY=your-pr-testing-service-role-key
PR_TESTING_SUPABASE_PROJECT_REF=your-pr-testing-project-ref
# Stripe Billing - Environment-specific Edge secrets
# Use test keys for local/preview/staging; use live keys only for production go-live.
# Each hosted Supabase project needs its own webhook signing secret (whsec_...).
LOCAL_STRIPE_SECRET_KEY=sk_test_local_or_shared
LOCAL_STRIPE_WEBHOOK_SECRET=whsec_local_from_stripe_listen
PREVIEW_STRIPE_SECRET_KEY=sk_test_preview
PREVIEW_STRIPE_WEBHOOK_SECRET=whsec_preview_endpoint
STAGING_STRIPE_SECRET_KEY=sk_test_staging
STAGING_STRIPE_WEBHOOK_SECRET=whsec_staging_endpoint
PRODUCTION_STRIPE_SECRET_KEY=sk_live_production
PRODUCTION_STRIPE_WEBHOOK_SECRET=whsec_production_endpoint
# Billing Edge Functions — CORS and checkout/portal redirect allowlist (comma-separated origins only: scheme + host + port, no paths)
# Set on each Supabase project (Edge Function secret) as BILLING_ALLOWED_ORIGINS; CI maps the per-env values below on deploy.
#
# Local development (BILLING_ALLOWED_ORIGINS):
# - Usually leave empty. When SUPABASE_URL is local (e.g. http://127.0.0.1:54321 from supabase start), Edge code auto-merges common
# dev origins: http://localhost:5173, http://127.0.0.1:5173, http://[::1]:5173 (IPv6 loopback), :8081 (Expo), :3000 — so Vite/Expo on those ports work with no secret.
# - Add an origin if your app is not covered: another port (e.g. http://localhost:4173), a LAN IP for a device
# (e.g. http://192.168.0.12:8081), a nip.io / custom dev host, or a custom URL scheme origin for deep links
# (e.g. myapp://billing).
# - Use sk_test_ keys locally. sk_live_ rejects plain http: redirect URLs (https: or non-http schemes only, as allowed).
#
# PREVIEW_/STAGING_/PRODUCTION_BILLING_ALLOWED_ORIGINS are for GitHub Actions → Supabase deploy secrets (deployed web/preview origins);
# you do not need them in a local .env for day-to-day coding.
# If PREVIEW_BILLING_ALLOWED_ORIGINS is unset/empty, pr-preview-environment.yml defaults to https://deploy.beakerstack.com for path-based PR previews.
BILLING_ALLOWED_ORIGINS=
PREVIEW_BILLING_ALLOWED_ORIGINS=
STAGING_BILLING_ALLOWED_ORIGINS=
PRODUCTION_BILLING_ALLOWED_ORIGINS=
# Dashboard billing playground — demo RPC panel (must match server billing_system_flags.demo_billing_mode)
VITE_BILLING_DEMO_MODE=
# Optional: call Edge Function demo-ai-summarize when set (falls back to canned text on failure)
VITE_DEMO_USE_REAL_AI=
EXPO_PUBLIC_BILLING_DEMO_MODE=
EXPO_PUBLIC_DEMO_USE_REAL_AI=
# Supabase Access Token (for CLI operations)
SUPABASE_ACCESS_TOKEN=your-supabase-access-token
# OAuth - For Supabase Configuration
# These are used in supabase/config.toml via env() substitution
SUPABASE_AUTH_EXTERNAL_GOOGLE_CLIENT_ID=your-google-client-id
SUPABASE_AUTH_EXTERNAL_GOOGLE_SECRET=your-google-client-secret
SUPABASE_AUTH_EXTERNAL_APPLE_CLIENT_ID=your-apple-client-id
SUPABASE_AUTH_EXTERNAL_APPLE_SECRET=your-apple-client-secret
# Legacy OAuth env vars (kept for backwards compatibility)
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
APPLE_CLIENT_ID=your-apple-client-id
APPLE_CLIENT_SECRET=your-apple-client-secret
# AWS (for web deployment)
AWS_ACCESS_KEY_ID=your-aws-access-key-id
AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key
WEB_BUCKET=your-web-bucket-name
CLOUDFRONT_DISTRIBUTION_ID=your-cloudfront-distribution-id
STAGING_S3_BUCKET=your-staging-s3-bucket
STAGING_CLOUDFRONT_DISTRIBUTION_ID=your-staging-cloudfront-distribution-id
PRODUCTION_S3_BUCKET=your-production-s3-bucket
PRODUCTION_CLOUDFRONT_DISTRIBUTION_ID=your-production-cloudfront-distribution-id
BACKUP_BUCKET=your-backup-bucket
# EAS (Expo Application Services)
EXPO_TOKEN=your-expo-token
EXPO_ACCOUNT=your-expo-account-slug
# Google Services (for Android google-services.json generation)
# These are used to generate google-services.json during EAS builds
# Set these as EAS secrets: eas secret:create --scope project --name GOOGLE_SERVICES_PROJECT_NUMBER --value "your-value"
GOOGLE_SERVICES_PROJECT_NUMBER=your-google-services-project-number
GOOGLE_SERVICES_PROJECT_ID=your-google-services-project-id
GOOGLE_SERVICES_STORAGE_BUCKET=your-google-services-storage-bucket
GOOGLE_SERVICES_MOBILESDK_APP_ID=your-google-services-mobilesdk-app-id
# Production Android OAuth Client (for EAS/cloud builds - uses EAS keystore)
GOOGLE_SERVICES_ANDROID_CLIENT_ID=your-google-services-android-client-id
GOOGLE_SERVICES_ANDROID_CERTIFICATE_HASH=your-google-services-android-certificate-hash
# Debug Android OAuth Client (for local builds - uses debug keystore)
# Create a separate Android OAuth client in Google Cloud Console for debug builds
GOOGLE_SERVICES_ANDROID_DEBUG_CLIENT_ID=your-google-services-android-debug-client-id
GOOGLE_SERVICES_ANDROID_DEBUG_CERTIFICATE_HASH=your-google-services-android-debug-certificate-hash
GOOGLE_SERVICES_WEB_CLIENT_ID=your-google-services-web-client-id
GOOGLE_SERVICES_IOS_CLIENT_ID=your-google-services-ios-client-id
GOOGLE_SERVICES_API_KEY=your-google-services-api-key
# OAuth Client IDs (for app.config.js)
# These are used by app.config.js for Google Sign-In configuration
# Use GOOGLE_SERVICES_* variables (defined above) - no EXPO_PUBLIC_ prefix needed
# Email / SMTP (optional — see docs/EMAIL_TEMPLATES.md for Resend setup)
# RESEND_API_KEY= # Full-access key for `npm run setup:email` only (local; not GitHub)
SMTP_HOST=smtp.resend.com
SMTP_PORT=587
SMTP_USER=resend
SMTP_PASS= # Send-only Resend API key → GitHub secret RESEND_SMTP_PASS (all environments)
SMTP_ADMIN_EMAIL= # Sender address (e.g. notifications@auth.yourdomain.com — avoid noreply@)
SMTP_SENDER_NAME= # Display name, e.g. "BeakerStack Team"
# Kit marketing email (optional — see npm run setup:kit)
# KIT_API_KEY= # Kit Creator API v4 key → GitHub secret KIT_API_KEY (shared all envs)
# KIT_CRON_SECRET= # kit-sync auth + pg_cron; auto-generated by setup:kit if omitted
# KIT_WEBHOOK_SECRET= # Kit dashboard webhook signing secret → GitHub secret KIT_WEBHOOK_SECRET