Environment Variables

Plainform uses environment variables to configure integrations securely. All variables are validated at runtime using @t3-oss/env-nextjs and Zod schemas.

Quick Setup

touch .env

Complete .env Template

# Application
SITE_URL="http://localhost:3000"
NEXT_PUBLIC_SITE_URL="http://localhost:3000"

# Clerk (Authentication)
NEXT_PUBLIC_CLERK_SIGN_IN_URL="/sign-in"
NEXT_PUBLIC_CLERK_SIGN_UP_URL="/sign-up"
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY="pk_test_xxxx"
CLERK_SECRET_KEY="sk_test_xxxx"

# Stripe (Payments)
STRIPE_SECRET_KEY="sk_test_xxxx"
STRIPE_PUBLISHABLE_KEY="pk_test_xxxx"
STRIPE_WEBHOOK_SECRET="whsec_xxxx"

# Supabase (Database)
DATABASE_URL="postgresql://user:password@host:6543/postgres?pgbouncer=true"
DIRECT_URL="postgresql://user:password@host:5432/postgres"

# AWS S3 (Storage)
AWS_ACCESS_KEY_ID="AKIAXXXXXXXXXXXX"
AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
AWS_S3_ENDPOINT="https://your-bucket.s3.region.amazonaws.com"
AWS_S3_REGION="us-east-1"
AWS_S3_BUCKET="your-bucket-name"

# Resend (Emails)
RESEND_API_KEY="re_xxxx"

# Mailchimp (Newsletter)
MAILCHIMP_API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-us19"
MAILCHIMP_API_SERVER="us6"
MAILCHIMP_AUDIENCE_ID="xxxxxxxxxx"

# PostHog (Analytics)
NEXT_PUBLIC_POSTHOG_KEY="phc_xxxx"
NEXT_PUBLIC_POSTHOG_HOST="https://us.i.posthog.com"

Variable Reference

Application

Clerk (Authentication)

Where to find:

1. Go to Clerk Dashboard
2. Select your application
3. Navigate to API Keys section
4. Copy the keys for your environment

Stripe (Payments)

Where to find:

1. Go to Stripe Dashboard
2. Navigate to Developers → API keys
3. Copy Secret key and Publishable key
4. For webhook secret: Developers → Webhooks → Add endpoint → Copy signing secret

Supabase (Database)

Where to find:

1. Go to Supabase Dashboard
2. Select your project
3. Navigate to Settings → Database
4. Copy "Connection string" for DATABASE_URL (Transaction mode)
5. Copy "Connection string" for DIRECT_URL (Session mode)

AWS S3 (Storage)

Where to find:

1. Go to AWS Console
2. Navigate to IAM → Users → Create user
3. Attach policy: AmazonS3FullAccess
4. Create access key → Copy Access Key ID and Secret Access Key
5. Navigate to S3 → Create bucket → Copy bucket name and region

Resend (Emails)

Where to find:

1. Go to Resend Dashboard
2. Navigate to API Keys
3. Create API key → Copy the key

Mailchimp (Newsletter)

Where to find:

1. Go to Mailchimp Dashboard
2. Navigate to Account → Extras → API keys
3. Create API key → Copy the key (note the server prefix like us6)
4. Navigate to Audience → Settings → Audience name and defaults → Copy Audience ID

PostHog (Analytics)

Where to find:

1. Go to PostHog Dashboard
2. Navigate to Project Settings
3. Copy Project API Key
4. Copy Host URL (use EU endpoint for GDPR compliance)

Validation Schema

All environment variables are validated in env.ts using Zod:

// From env.ts
import { createEnv } from '@t3-oss/env-nextjs';
import { z } from 'zod';

export const env = createEnv({
  server: {
    STRIPE_SECRET_KEY: z.string().min(5),
    DATABASE_URL: z.string().min(5),
    // ... other server variables
  },
  client: {
    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: z.string().min(5),
    NEXT_PUBLIC_POSTHOG_KEY: z.string().min(5),
    // ... other client variables
  },
  experimental__runtimeEnv: {
    NEXT_PUBLIC_SITE_URL: process.env.NEXT_PUBLIC_SITE_URL,
    // ... other client variables
  },
});

Local vs Production

Security Best Practices

1. Never commit .env files - Already in .gitignore
2. Use different keys per environment - Test keys in dev, live keys in production
3. Rotate keys regularly - Especially after team member changes
4. Limit key permissions - Use least-privilege principle (e.g., read-only keys where possible)
5. Validate on startup - The env.ts schema prevents missing/invalid variables

Troubleshooting

Next Steps

• Git Workflow - Set up version control
• Build & Deploy - Deploy to production
• Authentication Setup - Configure Clerk
• Payments Setup - Configure Stripe