superteam-academy/.env.example at main · solanabr/superteam-academy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# ── Supabase ──────────────────────────────────────────────────────────────────
NEXT_PUBLIC_SUPABASE_URL=your-supabase-url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-supabase-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-supabase-service-role-key   # PRIVATE — server-only

# ── Sanity CMS ────────────────────────────────────────────────────────────────
NEXT_PUBLIC_SANITY_PROJECT_ID=your-sanity-project-id
NEXT_PUBLIC_SANITY_DATASET=production
SANITY_API_TOKEN=                          # Only needed for seed import (sanity/seed/import.mjs)

# ── Solana ────────────────────────────────────────────────────────────────────
NEXT_PUBLIC_SOLANA_RPC_URL=https://devnet.helius-rpc.com/?api-key=YOUR_KEY
NEXT_PUBLIC_SOLANA_NETWORK=devnet

# On-chain program (see docs/DEPLOY-PROGRAM.md for deployment guide)
NEXT_PUBLIC_PROGRAM_ID=                    # Program ID from anchor deploy
NEXT_PUBLIC_XP_MINT_ADDRESS=               # XP mint pubkey (from initialize.ts output)
NEXT_PUBLIC_BACKEND_SIGNER=                # Authority pubkey (same as deployer on devnet)

# ── Helius ───────────────────────────────────────────────────────────────────
# Server-only API key for webhook management + DAS API (same key as in RPC URL)
HELIUS_API_KEY=
# Shared secret for Helius webhook Authorization header validation
HELIUS_WEBHOOK_SECRET=

# ── Auth ──────────────────────────────────────────────────────────────────────
NEXT_PUBLIC_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com

# ── Analytics (optional — platform works without these) ───────────────────────
# Google Analytics 4
NEXT_PUBLIC_GA4_MEASUREMENT_ID=G-XXXXXXXXXX

# PostHog
NEXT_PUBLIC_POSTHOG_KEY=your-posthog-key
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com

# Sentry
SENTRY_DSN=your-sentry-dsn

# ── Build Server (GCP Cloud Run) ──────────────────────────────────────────────
# Direct Cloud Run URL (IAM check disabled, app validates X-API-Key)
BUILD_SERVER_URL=https://academy-build-server-HASH.a.run.app
# API key for X-API-Key header (same value as ACADEMY_API_KEY on Cloud Run)
BUILD_SERVER_API_KEY=                      # PRIVATE — server-only

# ── App URL (for sitemap, OG tags, NFT metadata URI) ─────────────────────────
NEXT_PUBLIC_APP_URL=http://localhost:3000

# ── Admin operations (server-only — never expose to browser) ──────────────────
# JSON array of authority keypair bytes (64 elements), e.g. [12,34,...]
# This is the keypair that signed `initialize`. On devnet, same as BACKEND_SIGNER_SECRET.
PROGRAM_AUTHORITY_SECRET=
# Backend co-signer for user-triggered on-chain instructions (completeLesson, issueCredential…).
# On devnet: same value as PROGRAM_AUTHORITY_SECRET.
# On mainnet: rotate to a dedicated hot wallet via update_config.
BACKEND_SIGNER_SECRET=
# Simple password for /admin dashboard (min 32 chars recommended)
ADMIN_SECRET=
# Write-enabled Sanity API token — create at sanity.io/manage → API → Tokens
SANITY_ADMIN_TOKEN=