Skip to main content

Environment variables

Two files exist on purpose — they are not duplicates you both fill with secrets.

FileRole
.env.exampleSafe template committed to git. Shows names and placeholders. No real secrets.
.envYour real local or production secrets. Gitignored. The app reads only this.

Workflow: copy once (cp .env.example .env), then edit only .env. Leave .env.example as the shared checklist.

Required for local development

VariablePurpose
DATABASE_URLPostgres connection string (Docker defaults work out of the box)
REDIS_URLRedis for BullMQ and rate limiting
NEXTAUTH_URLApp URL, e.g. http://localhost:3000
NEXTAUTH_SECRETLong random string (e.g. openssl rand -base64 32)
GOOGLE_CLIENT_IDGoogle OAuth client ID
GOOGLE_CLIENT_SECRETGoogle OAuth client secret

Optional

VariablePurpose
TOKEN_ENCRYPTION_KEYEncrypts YouTube tokens at rest; falls back to NEXTAUTH_SECRET if unset
ADMIN_API_KEYBearer token to approve/reject quota and rate-limit extension requests
UPLOAD_DIRUpload storage path; defaults to ./uploads
FFMPEG_PATHOverride bundled ffmpeg-static binary
NEXT_PUBLIC_GITEA_URLFooter / open-source link
NEXT_PUBLIC_GITEA_ISSUES_URLBug report link
NEXT_PUBLIC_DOCKER_HUB_URLDocker image link

Notes

  • Pro user API keys are generated in Dashboard → Settings (hashed at rest). They are not env vars.
  • Never commit .env or put production secrets in .env.example.