Environment Configuration
Overview
The Next.js 15 StarShip Developer Kit is designed to be highly configurable through environment variables. This guide will walk you through all available environment variables and how to configure external services using our recommended environment file structure.
Environment Files Structure
We recommend using the following environment file structure for proper separation between environments:
.env.example- Template file with all environment variables (with empty values).env- Common variables and documentation across all environments.env.development.local- Local development environment variables (ignored by Git).env.production- Production environment variables
To get started quickly, copy the .env.example file to .env and fill in the values appropriate for your environment:
cp .env.example .env
This structure follows Next.js's environment loading prioritization:
.env.development.local- Highest priority, overrides everything else (local only).env.production- Loaded in production environments.env- Lowest priority, provides defaults
Important: For more details on how Next.js handles environment variables and loading priority, see the official Next.js documentation (nextjs.org/docs/pages/guides/environment-variables).
Core Configuration
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_APP_URL | The public URL of your application | Yes |
NODE_ENV | The environment (development, production, test) | Optional (defaults to development) |
PORT | The port to run the server on | Optional (defaults to 3000) |
Database Configuration
Database Connection
| Variable | Description | Required |
|---|---|---|
DATABASE_URL | The connection string for your local database | Yes |
DEVELOPMENT_DATABASE_URL | Remote development database connection string | Optional |
PRODUCTION_DATABASE_URL | Production database connection string | Optional |
Docker PostgreSQL Configuration
| Variable | Description | Required |
|---|---|---|
DB_USER | PostgreSQL username for Docker container | Required for Docker |
DB_PASSWORD | PostgreSQL password for Docker container | Required for Docker |
DB_NAME | PostgreSQL database name for Docker container | Required for Docker |
DB_PORT | PostgreSQL port for Docker container | Required for Docker |
Example DATABASE_URL for local PostgreSQL Docker:
DATABASE_URL=postgresql://nextstarter:@localhost:5432/nextstarter?sslmode=disable
Authentication Configuration
| Variable | Description | Required |
|---|---|---|
NEXTAUTH_URL | The URL of your application | Yes |
NEXTAUTH_SECRET | A secret used to encrypt cookies and tokens | Yes |
GOOGLE_CLIENT_ID | Google OAuth client ID | Optional |
GOOGLE_CLIENT_SECRET | Google OAuth client secret | Optional |
You can generate a secure NEXTAUTH_SECRET using:
openssl rand -base64 32
Supabase Configuration
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URL | Your Supabase project URL | Required for image storage |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Your Supabase anonymous key | Required for image storage |
SUPABASE_SERVICE_ROLE_KEY | Your Supabase service role key | Required for image storage |
Stripe Configuration
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY | Your Stripe publishable key | Optional |
STRIPE_SECRET_KEY | Your Stripe secret key | Optional |
STRIPE_WEBHOOK_SECRET | Your Stripe webhook secret | Optional |
NEXT_PUBLIC_STRIPE_SUBSCRIPTION_PRICE_ID | The ID of your subscription price in Stripe | Optional |
NEXT_PUBLIC_STRIPE_ONE_TIME_PRICE_ID | The ID of your one-time payment price in Stripe | Optional |
Email Configuration
(Required for Auth-related email notifications, password reset and stripe purchase notifications)
| Variable | Description | Required |
|---|---|---|
SMTP_HOST | SMTP server host | Optional |
SMTP_PORT | SMTP server port | Optional |
SMTP_USER | SMTP username | Optional |
SMTP_PASSWORD | SMTP password | Optional |
SMTP_FROM | Default sender email address | Optional |
OpenAI Configuration
| Variable | Description | Required |
|---|---|---|
OPENAI_API_KEY | Your OpenAI API key | Optional |
NEXT_PUBLIC_OPENAI_API_KEY | Your OpenAI API key (for client components) | Optional |
Example Environment Files
Example .env file (shared defaults)
# Core Configuration NEXT_PUBLIC_APP_URL=http://localhost:3000 NODE_ENV=development # Authentication Configuration NEXTAUTH_URL=http://localhost:3000 NEXTAUTH_SECRET=generate-with-openssl-rand-base64-32 # This file contains documentation and shared defaults # Specific values should be in .env.development.local or .env.production
Example .env.development.local (for local development)
# Local Database Configuration DATABASE_URL=postgresql://nextstarter:@localhost:5432/nextstarter?sslmode=disable # Docker PostgreSQL Configuration DB_USER=nextstarter DB_PASSWORD= DB_NAME=nextstarter DB_PORT=5432 # Development Database (for sync) DEVELOPMENT_DATABASE_URL=postgresql://postgres.supabase:password@aws-region.pooler.supabase.com:6543/postgres?sslmode=no-verify # Supabase Development Project NEXT_PUBLIC_SUPABASE_URL=your-dev-supabase-url NEXT_PUBLIC_SUPABASE_ANON_KEY=your-dev-supabase-anon-key SUPABASE_SERVICE_ROLE_KEY=your-dev-supabase-service-role-key # OAuth for Development GOOGLE_CLIENT_ID=your-dev-google-client-id GOOGLE_CLIENT_SECRET=your-dev-google-client-secret # Stripe Test Credentials NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=your-test-stripe-key STRIPE_SECRET_KEY=your-test-stripe-secret STRIPE_WEBHOOK_SECRET=your-test-webhook-secret # OpenAI for Development OPENAI_API_KEY=your-openai-key
Example .env.production (for production deployment)
# Production Database Configuration DATABASE_URL=postgresql://postgres.supabase:password@aws-region.pooler.supabase.com:6543/postgres # Supabase Production Project NEXT_PUBLIC_SUPABASE_URL=your-prod-supabase-url NEXT_PUBLIC_SUPABASE_ANON_KEY=your-prod-supabase-anon-key SUPABASE_SERVICE_ROLE_KEY=your-prod-supabase-service-role-key # OAuth for Production GOOGLE_CLIENT_ID=your-prod-google-client-id GOOGLE_CLIENT_SECRET=your-prod-google-client-secret # Stripe Live Credentials NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=your-live-stripe-key STRIPE_SECRET_KEY=your-live-stripe-secret STRIPE_WEBHOOK_SECRET=your-live-webhook-secret # OpenAI for Production OPENAI_API_KEY=your-production-openai-key
Environment Variable Validation
The Next.js 15 StarShip Developer Kit includes a validation system for environment variables. This ensures that all required variables are set and have the correct format.
// Example of environment variable validation
import { z } from "zod";
const envSchema = z.object({
DATABASE_URL: z.string().url(),
NEXTAUTH_URL: z.string().url(),
NEXTAUTH_SECRET: z.string().min(1),
// Add more variables as needed
});
export function validateEnv() {
try {
envSchema.parse(process.env);
return true;
} catch (error) {
console.error("Invalid environment variables:", error);
return false;
}
}You can call this function at the start of your application to ensure all required environment variables are set correctly.
Accessing Environment Variables
In Next.js, you can access environment variables in your code usingprocess.env:
// Server Component
export default function ServerComponent() {
const databaseUrl = process.env.DATABASE_URL;
// Use databaseUrl
}
// Client Component
"use client";
export default function ClientComponent() {
const appUrl = process.env.NEXT_PUBLIC_APP_URL;
// Use appUrl
}Note that only variables prefixed with NEXT_PUBLIC_ are available in client components. All variables are available in server components.
Best Practices for Environment Variables
- Never commit environment files containing secrets to version control
- Use descriptive comments to document the purpose of each variable
- Keep database credentials, API keys, and other secrets in environment variables, never hardcode them
- Use separate environment files for different environments (development, production)
- Consider using a secret manager service for production environments
- Use git-secrets or similar tools to prevent accidental commits of sensitive data