Environment Variables
Complete reference of all environment variables, their visibility, and per-app configuration.
Overview
ScaleRocket uses environment variables to configure each app and the backend. This page lists every variable, whether it's safe to expose publicly, and where it's used.
Per-App Configuration
apps/web (.env.local)
The Next.js marketing site. Variables prefixed with NEXT_PUBLIC_ are bundled into the client and safe to expose.
| Variable | Required | Public | Description |
|---|---|---|---|
NEXT_PUBLIC_WEB_URL | Yes | Yes | Marketing site URL (e.g. https://scalerocket.dev) |
NEXT_PUBLIC_APP_URL | Yes | Yes | Dashboard URL for "Go to Dashboard" links |
NEXT_PUBLIC_PLAUSIBLE_DOMAIN | No | Yes | Domain for Plausible analytics |
NEXT_PUBLIC_GA_ID | No | Yes | Google Analytics measurement ID |
NEXT_PUBLIC_POSTHOG_KEY | No | Yes | PostHog project API key |
# apps/web/.env.local
NEXT_PUBLIC_WEB_URL=https://scalerocket.dev
NEXT_PUBLIC_APP_URL=https://app.scalerocket.dev
# Analytics (optional)
NEXT_PUBLIC_PLAUSIBLE_DOMAIN=scalerocket.dev
NEXT_PUBLIC_GA_ID=G-XXXXXXXXXX
NEXT_PUBLIC_POSTHOG_KEY=phc_xxxapps/app (.env.local)
The Vite user dashboard. Variables prefixed with VITE_ are bundled into the client.
| Variable | Required | Public | Description |
|---|---|---|---|
VITE_WEB_URL | Yes | Yes | Marketing site URL for back-links |
VITE_APP_URL | Yes | Yes | Dashboard URL (self-reference for redirects) |
VITE_SUPABASE_URL | Yes | Yes | Supabase project URL (https://xxx.supabase.co) |
VITE_SUPABASE_ANON_KEY | Yes | Yes | Supabase anonymous/public key (safe to expose) |
VITE_STRIPE_PUBLISHABLE_KEY | Yes | Yes | Stripe publishable key (pk_test_ or pk_live_) |
# apps/app/.env.local
VITE_WEB_URL=https://scalerocket.dev
VITE_APP_URL=https://app.scalerocket.dev
VITE_SUPABASE_URL=https://xxx.supabase.co
VITE_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_xxx| Variable | Required | Public | Description |
|---|---|---|---|
VITE_WEB_URL | Yes | Yes | Marketing site URL for back-links |
VITE_APP_URL | Yes | Yes | Dashboard URL (self-reference for redirects) |
VITE_CONVEX_URL | Yes | Yes | Convex deployment URL (https://xxx.convex.cloud) |
VITE_STRIPE_PUBLISHABLE_KEY | Yes | Yes | Stripe publishable key (pk_test_ or pk_live_) |
# apps/app/.env.local
VITE_WEB_URL=https://scalerocket.dev
VITE_APP_URL=https://app.scalerocket.dev
VITE_CONVEX_URL=https://xxx.convex.cloud
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_xxxapps/ops (.env.local)
The Vite admin panel.
Requires the service role key for unrestricted database access.
| Variable | Required | Public | Description |
|---|---|---|---|
VITE_SUPABASE_URL | Yes | Yes | Supabase project URL |
VITE_SUPABASE_ANON_KEY | Yes | Yes | Supabase anonymous/public key |
VITE_SUPABASE_SERVICE_KEY | Yes | No | Supabase service role key -- bypasses RLS |
# apps/ops/.env.local
VITE_SUPABASE_URL=https://xxx.supabase.co
VITE_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
VITE_SUPABASE_SERVICE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Warning: The service role key grants full database access, bypassing all RLS policies. Never add it to apps/web or apps/app.
| Variable | Required | Public | Description |
|---|---|---|---|
VITE_CONVEX_URL | Yes | Yes | Convex deployment URL |
# apps/ops/.env.local
VITE_CONVEX_URL=https://xxx.convex.cloudAdmin access control is handled server-side by Convex functions using the ADMIN_EMAILS environment variable.
Backend Secrets
Edge Functions automatically have access to SUPABASE_URL, SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY without any configuration.
The following secrets must be set manually:
| Variable | Required | Description |
|---|---|---|
STRIPE_SECRET_KEY | Yes | Stripe API secret key (sk_test_ or sk_live_) |
STRIPE_WEBHOOK_SECRET | Yes | Stripe webhook signing secret (whsec_...) |
APP_URL | Yes | Dashboard URL for redirects in Edge Functions |
RESEND_API_KEY | Yes | Resend email API key (re_...) |
RESEND_FROM_EMAIL | Yes | Sender email address (e.g. noreply@scalerocket.dev) |
ADMIN_EMAILS | Yes | Comma-separated list of admin email addresses |
GOOGLE_API_KEY | No | Google API key (only if using AI features) |
For local development, create supabase/.env:
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
APP_URL=http://localhost:5173
RESEND_API_KEY=re_xxx
RESEND_FROM_EMAIL=noreply@yourdomain.com
ADMIN_EMAILS=admin@example.com
GOOGLE_API_KEY=xxx # optionalFor production, set secrets via CLI:
pnpm supabase secrets set STRIPE_SECRET_KEY=sk_live_xxx
pnpm supabase secrets set STRIPE_WEBHOOK_SECRET=whsec_xxx
pnpm supabase secrets set APP_URL=https://app.scalerocket.dev
pnpm supabase secrets set RESEND_API_KEY=re_xxx
pnpm supabase secrets set RESEND_FROM_EMAIL=noreply@yourdomain.com
pnpm supabase secrets set ADMIN_EMAILS=admin@example.com
pnpm supabase secrets set GOOGLE_API_KEY=xxx # optionalThe following environment variables must be set for Convex functions:
| Variable | Required | Description |
|---|---|---|
STRIPE_SECRET_KEY | Yes | Stripe API secret key (sk_test_ or sk_live_) |
STRIPE_WEBHOOK_SECRET | Yes | Stripe webhook signing secret (whsec_...) |
APP_URL | Yes | Dashboard URL for redirects |
RESEND_API_KEY | Yes | Resend email API key (re_...) |
RESEND_FROM_EMAIL | Yes | Sender email address (e.g. noreply@scalerocket.dev) |
ADMIN_EMAILS | Yes | Comma-separated list of admin email addresses |
GOOGLE_API_KEY | No | Google API key (only if using AI features) |
For local development, set env vars on the dev deployment:
npx convex env set STRIPE_SECRET_KEY sk_test_xxx
npx convex env set STRIPE_WEBHOOK_SECRET whsec_xxx
npx convex env set APP_URL http://localhost:5173
npx convex env set RESEND_API_KEY re_xxx
npx convex env set RESEND_FROM_EMAIL noreply@yourdomain.com
npx convex env set ADMIN_EMAILS admin@example.comFor production, set env vars on the prod deployment:
npx convex env set STRIPE_SECRET_KEY sk_live_xxx --prod
npx convex env set STRIPE_WEBHOOK_SECRET whsec_xxx --prod
npx convex env set APP_URL https://app.scalerocket.dev --prod
npx convex env set RESEND_API_KEY re_xxx --prod
npx convex env set RESEND_FROM_EMAIL noreply@yourdomain.com --prod
npx convex env set ADMIN_EMAILS admin@example.com --prodLocal Development Values
When running Supabase locally with pnpm supabase start, it prints the local credentials:
API URL: http://localhost:54321
anon key: eyJhbGci...
service_role key: eyJhbGci...Use these in your .env.local files during development.
When running Convex locally with npx convex dev, it connects to your dev deployment. The Convex URL is shown in the terminal output and stored in .env.local:
VITE_CONVEX_URL=https://YOUR_DEV_DEPLOYMENT.convex.cloudSecurity Rules
- Never commit
.env.localfiles. They are in.gitignoreby default. - Never expose secret keys in client-side code. Only
NEXT_PUBLIC_*andVITE_*prefixed variables are bundled into the client. - Use different keys for test and production. Stripe test keys (
sk_test_) for development, live keys (sk_live_) for production. - Rotate keys if compromised. Regenerate in the respective dashboard (Supabase, Stripe, Resend) and update everywhere.
- Set Vercel env vars for each deployed app separately. Each Vercel project has its own environment variables.
Done reading? Mark this page as complete.