-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
84 lines (70 loc) · 3.53 KB
/
.env.example
File metadata and controls
84 lines (70 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/volunteeermatch"
# Direct (non-pooled) connection used by Prisma for migrations (prisma migrate deploy).
# Required on Neon/Supabase where PgBouncer's transaction mode breaks advisory locks.
# On Vercel+Neon this is the DATABASE_URL_UNPOOLED env var set by Neon integration.
# For local dev, set to the same value as DATABASE_URL.
DATABASE_URL_UNPOOLED="postgresql://postgres:postgres@localhost:5432/volunteeermatch"
NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="replace-me"
GOOGLE_CLIENT_ID="replace-me"
GOOGLE_CLIENT_SECRET="replace-me"
RESEND_API_KEY="replace-me"
RESEND_FROM_EMAIL="VolunteerReady <noreply@volunteerready.org>"
# Resend webhook — verifies email delivery event signatures
# Get from Resend dashboard > Webhooks > Signing secret
RESEND_WEBHOOK_SECRET=
# Platform admin — comma-separated user IDs (legacy env-var fallback).
# Prefer DB column User.isPlatformAdmin; use `pnpm admin:grant <email>` to manage.
PLATFORM_ADMIN_IDS=
NEXT_PUBLIC_APP_URL="http://localhost:3005"
# Stripe — server-only, never expose to client
STRIPE_SECRET_KEY="sk_test_..."
STRIPE_WEBHOOK_SECRET="whsec_..."
STRIPE_PRICE_ID_STARTER="price_..."
STRIPE_PRICE_ID_PRO="price_..."
# Vercel Cron — authenticates scheduled cron requests
CRON_SECRET=
# Checkr Partner API — server-only, NEVER prefix with NEXT_PUBLIC_
# Register at https://partners.checkr.com to get client_id and client_secret
CHECKR_CLIENT_ID="replace-me"
CHECKR_CLIENT_SECRET="replace-me"
CHECKR_DEFAULT_PACKAGE="tasker_standard"
# Encryption key for Checkr OAuth tokens at rest (AES-256-GCM)
# Must be exactly 64 hex characters (32 bytes). Generate with:
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
CHECKR_TOKEN_ENCRYPTION_KEY="replace-me-with-64-hex-chars"
# Key rotation (optional): set during rotation, remove after migration.
# See src/server/lib/crypto.ts for the 5-step rotation sequence.
# CHECKR_TOKEN_ENCRYPTION_KEY_NEW=""
# Sterling Background Checks — API key auth (not OAuth)
# Admin pastes their API key in org settings; stored encrypted at rest.
# STERLING_WEBHOOK_SECRET verifies incoming Sterling webhook signatures (HMAC-SHA256).
STERLING_WEBHOOK_SECRET=
# QR Check-in — HMAC-SHA256 secret for stateless check-in tokens
# Must be 32+ bytes hex. Generate with:
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
CHECKIN_HMAC_SECRET=
# Case study consent email HMAC signing key
# Generate with: openssl rand -hex 32
CASE_STUDY_CONSENT_SECRET=
# Opportunity digest unsubscribe HMAC signing key
# Generate with: openssl rand -hex 32
DIGEST_UNSUBSCRIBE_SECRET=
# Upstash Redis — rate limiting (get from https://console.upstash.com)
# Leave blank in local dev to disable rate limiting (fail-open)
UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=
# Platform admin alerts — single override for ALL admin notifications:
# new user signups, new org/company registrations, security alerts (impersonation), feedback.
# If set, all admin emails go to this address instead of every platform admin.
# Recommend your personal email in dev, a shared ops alias in production.
# In prod: set PLATFORM_ADMIN_ALERT_EMAIL=you@example.com
PLATFORM_ADMIN_ALERT_EMAIL=
# DEPRECATED: use PLATFORM_ADMIN_ALERT_EMAIL instead (still works if set).
FEEDBACK_NOTIFY_EMAIL=
# Sentry — NEXT_PUBLIC_SENTRY_DSN is safe to expose (it's designed to be public)
# SENTRY_AUTH_TOKEN, SENTRY_ORG, SENTRY_PROJECT are needed at BUILD TIME in CI/Vercel
NEXT_PUBLIC_SENTRY_DSN=
SENTRY_AUTH_TOKEN=
SENTRY_ORG=
SENTRY_PROJECT=