The scaffold validates env vars at startup with @t3-oss/env-nextjs and Zod. The full schema lives in src/env.ts — open it for the source of truth. This page mirrors that file, organized by category, so you can copy-paste your way to a working .env.local (and prod env) in one pass.

A few conventions:
  • Required vars throw at startup if missing or empty.
  • Optional vars default to empty string and the consuming module no-ops gracefully.
  • NEXT_PUBLIC_* vars are shipped to the browser. Never put secrets in them.
  • Set SKIP_ENV_VALIDATION=true to bypass validation in CI build steps that don’t need real values (Vercel preview builds, Docker image bakes, etc.).
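
A pre-deploy lint for the conventions above, as an added example that is not part of the scaffold's own code: it parses .env text and flags empty required vars, a BETTER_AUTH_SECRET under 16 characters, secret-style key prefixes (taken from the tables on this page) inside NEXT_PUBLIC_* vars, and OAuth providers with only one of id/secret set. The function names, issue labels and sample values are assumptions made for this example.

```javascript
// Added example (not the scaffold's code): lint .env text against this page's conventions.
// Secret-key prefixes as listed in this page's tables (Stripe, Resend, OpenAI, Anthropic).
const SECRET_PREFIXES = ["sk_test_", "sk_live_", "whsec_", "re_", "sk-"];
const REQUIRED = ["DATABASE_URL", "BETTER_AUTH_SECRET"]; // "yes" rows in the Core table
const OAUTH_PAIRS = [
  ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
  ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"],
];

// Minimal KEY=value parser: ignores comments and blank lines, strips one layer of quotes.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$/.exec(line);
    if (m) env[m[1]] = m[2].trim().replace(/^(['"])(.*)\1$/, "$2");
  }
  return env;
}

// Returns a list of { key, issue } findings; an empty list means nothing was flagged.
function lintEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  const add = (key, issue) => findings.push({ key, issue });
  // Required vars must be present and non-empty.
  for (const key of REQUIRED) if (!env[key]) add(key, "required-missing");
  const secret = env.BETTER_AUTH_SECRET || "";
  if (secret && secret.length < 16) add("BETTER_AUTH_SECRET", "too-short");
  for (const [key, value] of Object.entries(env)) {
    // Anything named NEXT_PUBLIC_* is shipped to the browser.
    const looksSecret = SECRET_PREFIXES.some((p) => value.startsWith(p));
    if (key.startsWith("NEXT_PUBLIC_") && looksSecret) add(key, "secret-in-public-var");
  }
  for (const [id, sec] of OAUTH_PAIRS) {
    // A provider is enabled only when both id and secret are set.
    if (Boolean(env[id]) !== Boolean(env[sec])) add(id, "oauth-half-configured");
  }
  return findings;
}

// Constructed sample input, not a real configuration.
const SAMPLE_ENV = `
# constructed values for illustration
DATABASE_URL=
BETTER_AUTH_SECRET="shortsecret"
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=sk_live_CONSTRUCTED_EXAMPLE
GOOGLE_CLIENT_ID=constructed-id.apps.example
`;
console.log(lintEnv(SAMPLE_ENV));
```

The prefix match is a heuristic: it catches a secret key pasted into a public variable, not every possible secret, so treat an empty result as "nothing obvious" rather than proof.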

Core

The bare minimum for the app to boot.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| NODE_ENV | no | development | development / production / test. Set automatically by your runtime. |
| DATABASE_PROVIDER | no | postgres | Reserved for future drivers. Only postgres works in v0.1. |
| DATABASE_URL | yes |  | Postgres connection string. Use the pooled URL in production. |
| BETTER_AUTH_SECRET | yes |  | 16+ char secret for session signing. Generate: openssl rand -base64 32. |
| BETTER_AUTH_URL | no |  | Full URL (with scheme) of your deployed app. Required in production for OAuth callbacks. |
| NEXT_PUBLIC_APP_URL | no | http://localhost:3000 | Used by sitemap, OG images, OAuth redirects. Set to your prod URL. |
| NEXT_PUBLIC_APP_NAME | no | vibestrap | Display name in titles, OG metadata, emails. |
| ADMIN_EMAILS | no | '' | Comma-separated list of admin emails. Auto-promoted to role: 'admin' on signup. |

OAuth

Each provider is independent — set both id + secret to enable, leave blank to hide.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| GOOGLE_CLIENT_ID | no | '' | Google OAuth client id. Enables “Sign in with Google”. |
| GOOGLE_CLIENT_SECRET | no | '' | Google OAuth secret (server-only). |
| NEXT_PUBLIC_GOOGLE_CLIENT_ID | no | '' | Mirror of GOOGLE_CLIENT_ID. Needed for client-side One-Tap. Safe to expose. |
| GITHUB_CLIENT_ID | no | '' | GitHub OAuth app id. Enables “Sign in with GitHub”. |
| GITHUB_CLIENT_SECRET | no | '' | GitHub OAuth secret. |

Mail

Resend is the default. The mail facade no-ops gracefully if RESEND_API_KEY is empty.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| RESEND_API_KEY | no | '' | Resend API key (re_…). Powers verification + welcome + reset-password emails. |
| RESEND_FROM_EMAIL | no | [email protected] | From: address. Switch to your verified domain in production. |
| RESEND_REPLY_TO_EMAIL | no | '' | Optional Reply-To: header. |
| RESEND_AUDIENCE_ID | no | '' | Resend Audience id for newsletter (when newsletter.provider = 'resend'). |

Newsletter — Beehiiv

Only used if siteConfig.newsletter.provider = 'beehiiv'.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| BEEHIIV_API_KEY | no | '' | Beehiiv v2 API key. |
| BEEHIIV_PUBLICATION_ID | no | '' | Publication id (pub_…). |

Payments — Stripe

Default provider. Only the *_PRICE_* ids you actually sell need to be set.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| STRIPE_SECRET_KEY | yes (if active) | '' | sk_test_… / sk_live_…. |
| STRIPE_WEBHOOK_SECRET | yes (if active) | '' | whsec_… from the Stripe dashboard webhook config. |
| NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY | no | '' | pk_…. Needed for Stripe.js / Elements. |
| STRIPE_PRICE_VIBESTRAP_PROMO | no | '' | Price id for the vibestrap promo tier ($49). |
| STRIPE_PRICE_VIBESTRAP_STANDARD | no | '' | Price id for the vibestrap standard tier ($99). |
| STRIPE_PRICE_PRO_MONTHLY | no | '' | Buyer-app Pro plan, monthly. |
| STRIPE_PRICE_PRO_YEARLY | no | '' | Buyer-app Pro plan, yearly. |
| STRIPE_PRICE_LIFETIME | no | '' | Buyer-app Lifetime tier. |
| STRIPE_PRICE_CREDITS_BASIC | no | '' | Credit pack — basic. |
| STRIPE_PRICE_CREDITS_STANDARD | no | '' | Credit pack — standard. |
| STRIPE_PRICE_CREDITS_PREMIUM | no | '' | Credit pack — premium. |
| STRIPE_PRICE_CREDITS_ENTERPRISE | no | '' | Credit pack — enterprise. |

Payments — Paddle

Only used if siteConfig.payment.provider = 'paddle'.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| PADDLE_API_KEY | yes (if active) | '' | Paddle API key. |
| PADDLE_WEBHOOK_SECRET | yes (if active) | '' | Webhook signing secret. |
| PADDLE_PRICE_VIBESTRAP_PROMO | no | '' | Price id for promo tier. |
| PADDLE_PRICE_VIBESTRAP_STANDARD | no | '' | Price id for standard tier. |
| NEXT_PUBLIC_PADDLE_CLIENT_TOKEN | no | '' | Public client token for Paddle.js. |
| NEXT_PUBLIC_PADDLE_ENV | no | sandbox | sandbox or production. Match your API key. |

Payments — Lemon Squeezy

Only used if siteConfig.payment.provider = 'lemonsqueezy'.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| LEMON_SQUEEZY_API_KEY | yes (if active) | '' | API key from Lemon Squeezy dashboard. |
| LEMON_SQUEEZY_STORE_ID | yes (if active) | '' | Numeric store id. |
| LEMON_SQUEEZY_WEBHOOK_SECRET | yes (if active) | '' | Webhook signing secret. |
| LEMON_VARIANT_VIBESTRAP_PROMO | no | '' | Variant id for promo tier. |
| LEMON_VARIANT_VIBESTRAP_STANDARD | no | '' | Variant id for standard tier. |

Payments — Creem

Only used if siteConfig.payment.provider = 'creem'.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| CREEM_API_KEY | yes (if active) | '' | Creem API key. |
| CREEM_WEBHOOK_SECRET | yes (if active) | '' | Webhook signing secret. |
| CREEM_PRICE_VIBESTRAP_PROMO | no | '' | Price id for promo tier. |
| CREEM_PRICE_VIBESTRAP_STANDARD | no | '' | Price id for standard tier. |

AI providers

Phase 2 lights these up. v0.1 ships the mock provider so the demo pages stream fake tokens without keys.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| AI_PROVIDER | no | mock | mock / openrouter / openai / anthropic / replicate / fal. |
| OPENROUTER_API_KEY | no | '' | OpenRouter key (gateway to most LLMs). |
| OPENROUTER_BASE_URL | no | https://openrouter.ai/api/v1 | Override only if self-hosting a gateway. |
| OPENAI_API_KEY | no | '' | OpenAI key (sk-…). |
| OPENAI_BASE_URL | no | https://api.openai.com/v1 | Override for Azure OpenAI or compat endpoints. |
| ANTHROPIC_API_KEY | no | '' | Anthropic key (sk-ant-…). |
| ANTHROPIC_BASE_URL | no | https://api.anthropic.com | Override for Bedrock / proxy. |
| REPLICATE_API_TOKEN | no | '' | Replicate API token for image / audio models. |
| FAL_KEY | no | '' | fal.ai key for fast image generation. |

Storage (S3 / R2)

Stub in v0.1 — wire if you need uploads or signed downloads.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| S3_ENDPOINT | no | '' | Endpoint URL. AWS S3, Cloudflare R2, MinIO all work. |
| S3_REGION | no | '' | Bucket region. R2 uses auto. |
| S3_ACCESS_KEY_ID | no | '' | Access key id. |
| S3_SECRET_ACCESS_KEY | no | '' | Secret access key. |
| S3_BUCKET | no | '' | Bucket name. |
| S3_PUBLIC_URL | no | '' | Public CDN base URL for served objects. |

Anti-bot — Cloudflare Turnstile

Set both keys to enable Turnstile on signup, forgot-password, and newsletter forms.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| TURNSTILE_SECRET_KEY | no | '' | Server-side verification secret. |
| NEXT_PUBLIC_TURNSTILE_SITE_KEY | no | '' | Public site key for the widget. |

Customer service

One widget at a time, picked by siteConfig.customerService.provider. Each widget self-gates on its env vars.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| NEXT_PUBLIC_CRISP_WEBSITE_ID | no | '' | Crisp website id (UUID). |
| NEXT_PUBLIC_TAWK_PROPERTY_ID | no | '' | tawk.to property id. |
| NEXT_PUBLIC_TAWK_WIDGET_ID | no | '' | tawk.to widget id. |
| NEXT_PUBLIC_INTERCOM_APP_ID | no | '' | Intercom workspace id. |
| NEXT_PUBLIC_CHATWOOT_WEBSITE_TOKEN | no | '' | Chatwoot website token. |
| NEXT_PUBLIC_CHATWOOT_BASE_URL | no | https://app.chatwoot.com | Self-hosted Chatwoot URL if you run your own. |

Affiliate

Set the matching var(s) for whichever provider is active in siteConfig.affiliate.provider. The internal provider needs no env vars.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| NEXT_PUBLIC_AFFONSO_PROGRAM_ID | no | '' | Affonso program id. |
| NEXT_PUBLIC_REWARDFUL_API_KEY | no | '' | Rewardful public API key. |
| NEXT_PUBLIC_TOLT_API_KEY | no | '' | Tolt public API key. |

Analytics

Each script renders only when its env var is set. Mix and match freely.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| NEXT_PUBLIC_GOOGLE_ANALYTICS_ID | no | '' | GA4 measurement id (G-…). |
| NEXT_PUBLIC_POSTHOG_KEY | no | '' | PostHog project key. |
| NEXT_PUBLIC_POSTHOG_HOST | no | https://us.i.posthog.com | EU users: https://eu.i.posthog.com. |
| NEXT_PUBLIC_PLAUSIBLE_DOMAIN | no | '' | Plausible site domain. |
| NEXT_PUBLIC_PLAUSIBLE_HOST | no | https://plausible.io | Self-hosted Plausible URL if applicable. |
| NEXT_PUBLIC_UMAMI_WEBSITE_ID | no | '' | Umami website id. |
| NEXT_PUBLIC_UMAMI_HOST | no | https://cloud.umami.is | Self-hosted Umami URL if applicable. |
| NEXT_PUBLIC_CLARITY_PROJECT_ID | no | '' | Microsoft Clarity project id (heatmaps + session replay). |
| NEXT_PUBLIC_YANDEX_METRIKA_ID | no | '' | Yandex Metrika counter id (digits only). |

Search-engine site verification

Each emits a <meta> tag in <head> via Next.js metadata.verification, proving ownership in the matching webmaster console. Server-side env vars (no NEXT_PUBLIC_ prefix). Empty values render no tag.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| GOOGLE_SITE_VERIFICATION | no | '' | Google Search Console — content value of the google-site-verification meta tag. |
| BING_SITE_VERIFICATION | no | '' | Bing Webmaster Tools — content value of the msvalidate.01 meta tag. |
| YANDEX_SITE_VERIFICATION | no | '' | Yandex Webmaster — content value of the yandex-verification meta tag. |

License delivery

Where the buyer-download endpoint redirects after a successful purchase.
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| LICENSE_DOWNLOAD_URL | no | '' | URL pattern with {key} placeholder. Typically a private GitHub release tarball or S3 signed URL. |

Misc

| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| NEXT_PUBLIC_DEMO_MODE | no | false | Set true to hide real payment + auth and show the read-only demo overlay. |
