Environment variables
This page describes environment and deployment-related configuration for the monorepo.
SolidStart app (site-solidstart) — on hold
The SolidStart package is on hold and is not the official web target. Environment documentation for that package is deferred until the port is revived.
Next.js app (site-nextjs) — official full stack
The production implementation in this monorepo today is primarily the Next.js app under site-nextjs/, with Convex, Better Auth, Square, and Radar. Most variables and file layout below are Next.js–specific (NEXT_*, App Router, Vercel).
Local development
For local development, we use .env and .env.local files.
Variable file overview
-
.env: Contains non-sensitive development defaults. Shared across some tools but overridden by.env.localin Next.js. -
.env.local: Contains your personal API keys and secrets. This file is ignored by git. -
.env.example: A template for the.envfile. -
.env.local.example: A template for the.env.localfile.
Next.js encourages use of .env.local to store all personal secrets. While .env will work, it is less accurate for local overrides. Variables in .env.local override variables in .env, which is useful if you are testing a function locally and you don’t want to replace shared information in .env.
Because most software developers are unaware of the difference, they might drop sensitive information into .env instead of .env.local. To be safe, both are excluded from git via .gitignore. Other non-local versions (like .env.development) are also typically ignored to prevent hardcoded secrets in project history.
CI/CD pipeline
If you are trying to deploy this code via CI/CD pipelines on GitHub, Vercel, or other deployment platforms, do not use .env files to store variables. Environment variables for staging or production environments should be managed by secret managers or injected directly into the deployment pipeline.
Setup
To get started, copy the template files in the site-nextjs directory:
cd site-nextjs
cp .env.example .env
cp .env.local.example .env.localVariable reference
| Variable | Description | Source |
|---|---|---|
|
Base URL for the API (server-side calls) |
Internal / Zuplo |
|
Base URL for API calls from the frontend |
Internal / Vercel Domain |
|
The map provider to use for rendering tiles. Options: |
Internal (Default: |
|
Publishable key for Radar SDK (Maps/Location) |
|
|
Your Convex deployment ID (e.g., |
|
|
Your Convex deployment URL |
|
|
Required for Vercel to deploy Convex functions during build |
|
|
Square Application ID |
|
|
Square Access Token (Sandbox/Production) |
|
|
Square Webhook Signature Key |
|
|
Random string for NextAuth.js encryption |
Generate with |
|
32-character key for data encryption (Local) |
Any random 32-character string |
|
32-character key for sensitive token encryption (Vercel) |
Any random 32-character string |
|
Secret for Better Auth session signing (use a long random string in production) |
Generate with |
|
Public origin of the Next.js app as seen by the auth server (no trailing path) |
e.g. |
|
Same origin as |
Must match deployment URL (include |
|
Comma-separated list of sign-in emails granted the Convex |
e.g. |
|
Google OAuth credentials for Better Auth social sign-in |
|
|
Meta (Facebook) OAuth credentials for Better Auth social sign-in. In the Meta app, add a Valid OAuth Redirect URI that matches your deployment: the app origin (same as |
|
|
Optional. Facebook Login for Business configuration ID (User access token type). Omit for standard Facebook Login. |
Meta Developer Portal → Facebook Login for Business → Configurations |
Vercel deployment
For production deployments on Vercel, variables are managed in the Vercel Dashboard under Settings > Environment Variables.
Important notes
-
CONVEX_DEPLOY_KEY is REQUIRED for Vercel deployments. Without it, Convex functions won’t deploy during build.
-
NEXT_PUBLIC_CONVEX_URL is typically set automatically by Convex when using
pnpm convex deploy --cmdin the build command. Only set manually if you need to override the default. -
Square variables are only needed if you’re using Square POS integration. Get credentials from the Square Developer Portal.
-
Radar variables are only needed if you’re using location services or the Radar map provider.
-
Map providers: We use a hybrid approach. Radar SDK is used for geocoding and search (due to its generous free tier), while OpenFreeMap is the default for map tile visualization to ensure privacy and cost-effectiveness.
-
TOKEN_ENCRYPTION_KEY should be a strong random string (at least 32 characters). Use it to encrypt sensitive data like Square access tokens.
-
NEXT_PUBLIC_* variables are exposed to the browser. Never put secrets in these variables.
-
Do not pull environment variables via Vercel CLI. If prompted by
vercel --prodto download variables, select NO. This prevents Vercel from overwriting your local setup or creating redundant.envfiles. -
Social login: Set
BETTER_AUTH_URLandNEXT_PUBLIC_APP_URLto the production site origin. For Facebook, register the matching/api/auth/callback/facebookredirect URI in the Meta app. -
Square: Use one Square application for both POS linking and seller sign-in. Register two redirect URIs in the Square app: the POS link URL (
SQUARE_REDIRECT_URI, path/api/auth/callback/square) and the Better Auth URL with path/api/auth/oauth2/callback/squareon the same origin asBETTER_AUTH_URL.
For more details, see the Deployment guide in the Next.js section.