This document describes the environment variables used in Presidential Punch Peru and how to configure them.
-
Copy the example environment file:
cp .env.example .env.local
-
Fill in the required values in
.env.local -
Never commit
.env.localto version control (it's already in.gitignore)
These variables are embedded in the client-side bundle and are publicly visible. Never put secrets in VITE_ variables!
- Type: String (optional)
- Purpose: PostHog analytics and session recording
- Default: Disabled if not provided
- Where to get it: PostHog Dashboard → Project Settings → API Key
- Development: Optional (analytics will be disabled)
- Production: Recommended for user analytics and debugging
Example:
VITE_POSTHOG_KEY=phc_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx- Purpose: Toggle between real API and mock data in development
Example:
VITE_USE_API=false # Use mock data in development
# VITE_USE_API=true # Use real API in development- Type: Boolean string flag (optional)
- Purpose: In local development, proxy
/apirequests to the production API. - Default: Unset/empty → no proxy
- Enabled values:
"true"(recommended)
Example:
USE_PROD_API=trueThese variables are only available on the server (API routes) and are never exposed to the client.
- Type: String (required for API routes)
- Purpose: Vercel Blob Storage authentication for vote data
- Where to get it: Vercel Dashboard → Storage → Blob → Create Token
- Development: Optional (API routes won't work without it)
- Production: Required for the voting/ranking system to function
Example:
BLOB_READ_WRITE_TOKEN=vercel_blob_rw_xxxxxxxxxxxxxxxxxxxxxxxx- Type: String (automatically set)
- Purpose: Determines environment (development/production/test)
- Default: Automatically set by most platforms
- Values:
development,production,test - Note: Usually don't need to set this manually
-
Create
.env.local:# Optional: Enable analytics (or leave empty to disable) VITE_POSTHOG_KEY= # Optional: Use mock data instead of API VITE_USE_API=false # Optional: Only needed if testing API routes BLOB_READ_WRITE_TOKEN=
-
Run development server:
npm run dev
Set environment variables in Vercel Dashboard:
- Go to Project Settings → Environment Variables
- Add the following:
VITE_POSTHOG_KEY: Your PostHog API key (for production project)BLOB_READ_WRITE_TOKEN: Your Vercel Blob token (required)
- Deploy
If deploying to a platform other than Vercel:
-
Set environment variables in your hosting platform:
VITE_POSTHOG_KEY(optional)BLOB_READ_WRITE_TOKEN(required if using API routes)
-
Note: Vercel Blob Storage is specific to Vercel. For other platforms, you'll need to:
- Use a different storage solution (e.g., AWS S3, Google Cloud Storage)
- Update
api/storage.tsto work with your chosen storage provider
- Never commit secrets:
.env.localand.envare in.gitignore - VITE_ variables are public: They're embedded in the client bundle
- Server variables are private: They're only available in API routes
- Use different keys per environment: Don't reuse production keys in development
- Rotate compromised keys immediately: If a key is exposed, regenerate it
✅ Safe (can use VITE_ prefix):
- API endpoints (public URLs)
- Feature flags
- Public configuration
- Application version
- PostHog project key (designed to be public)
❌ Never expose (never use VITE_ prefix):
- Private API keys
- Database credentials
- Secret tokens
- Encryption keys
- OAuth secrets
- Check that
VITE_POSTHOG_KEYis set correctly - In development, check browser console for PostHog logs
- Verify PostHog key in dashboard matches your
.env.local
- Check that
BLOB_READ_WRITE_TOKENis set - Verify token has read/write permissions in Vercel Blob dashboard
- Check Vercel function logs for specific errors
- After changing
VITE_*variables, restart the dev server - Server-side variables require redeployment on Vercel
- Clear browser cache if needed
- Make sure you copied
.env.exampleto.env.local - Verify all required variables are set
- Check for typos in variable names