Two files exist on purpose — they are not duplicates you both fill with secrets.
| File | Role |
|---|
.env.example | Safe template committed to git. Shows names and placeholders. No real secrets. |
.env | Your real local or production secrets. Gitignored. The app reads only this. |
Workflow: copy once (cp .env.example .env), then edit only .env. Leave .env.example as the shared checklist.
Required for local development
| Variable | Purpose |
|---|
DATABASE_URL | Postgres connection string (Docker defaults work out of the box) |
REDIS_URL | Redis for BullMQ and rate limiting |
NEXTAUTH_URL | App URL, e.g. http://localhost:3000 |
NEXTAUTH_SECRET | Long random string (e.g. openssl rand -base64 32) |
GOOGLE_CLIENT_ID | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | Google OAuth client secret |
Optional
| Variable | Purpose |
|---|
TOKEN_ENCRYPTION_KEY | Encrypts YouTube tokens at rest; falls back to NEXTAUTH_SECRET if unset |
ADMIN_API_KEY | Bearer token to approve/reject quota and rate-limit extension requests |
UPLOAD_DIR | Upload storage path; defaults to ./uploads |
FFMPEG_PATH | Override bundled ffmpeg-static binary |
NEXT_PUBLIC_GITEA_URL | Footer / open-source link |
NEXT_PUBLIC_GITEA_ISSUES_URL | Bug report link |
NEXT_PUBLIC_DOCKER_HUB_URL | Docker image link |
Notes
- Pro user API keys are generated in Dashboard → Settings (hashed at rest). They are not env vars.
- Never commit
.env or put production secrets in .env.example.