Environment Variables

Kit uses 100+ environment variables configured in apps/boilerplate/.env.local. This page is a complete reference organized by service. For setup instructions, see Configuration. For deployment, see Production Checklist.

Naming Convention

Next.js enforces a strict naming rule for environment variable visibility:

NEXT_PUBLIC_ prefix — Exposed to the browser (client-side). Bundled into JavaScript at build time.
No prefix — Server-only. Available in API routes, middleware, and server components. Never sent to the browser.

API keys, webhook secrets, and database URLs must never use the NEXT_PUBLIC_ prefix. If a secret is accidentally exposed client-side, rotate it immediately and redeploy.

Table columns:

Name — The environment variable name
Scope — Client (browser-accessible) or Server (server-only)
Required — Whether the app needs this variable to function
Default — Value used when not set (blank = no default, must be configured)
Description — What the variable controls

Core Application

Name	Scope	Required	Default	Description
`NEXT_PUBLIC_APP_URL`	Client	Yes	`http://localhost:3000`	Application base URL for links, redirects, and CORS
`NODE_ENV`	Server	Auto	—	Environment: `development`, `production`, `test`
`CRON_SECRET`	Server	Prod	—	Bearer token for Vercel Cron Job authentication

Authentication (Clerk)

Name	Scope	Required	Default	Description
`NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`	Client	Yes	—	Clerk public key for frontend auth components
`CLERK_SECRET_KEY`	Server	Yes	—	Clerk secret key for server-side auth operations
`CLERK_WEBHOOK_SECRET`	Server	Yes	—	Svix signature verification for Clerk webhooks
`NEXT_PUBLIC_CLERK_SIGN_IN_URL`	Client	No	`/login`	Sign-in page URL (hash routing: `/login#`)
`NEXT_PUBLIC_CLERK_SIGN_UP_URL`	Client	No	`/register`	Sign-up page URL (hash routing: `/register#`)
`NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL`	Client	No	`/dashboard`	Redirect URL after successful sign-in
`NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL`	Client	No	`/dashboard`	Redirect URL after successful sign-up
`NEXT_PUBLIC_CLERK_ENABLED`	Client	No	`true`	Set to `false` to disable Clerk (test/demo environments)
`NEXT_PUBLIC_DEMO_MODE`	Client	No	`false`	Enable demo mode — bypasses authentication entirely

Setting NEXT_PUBLIC_DEMO_MODE=true disables Clerk authentication and uses a mock Prisma client. Useful for showcasing the UI without requiring real credentials.

Database (Supabase + Prisma)

Name	Scope	Required	Default	Description
`DATABASE_URL`	Server	Yes	—	PostgreSQL connection URL with PgBouncer pooling
`DIRECT_URL`	Server	Yes	—	Direct PostgreSQL URL for Prisma migrations (no pooling)
`NEXT_PUBLIC_SUPABASE_URL`	Client	Yes	—	Supabase project URL
`NEXT_PUBLIC_SUPABASE_ANON_KEY`	Client	Yes	—	Supabase anonymous key (client-side, RLS-enforced)
`SUPABASE_SERVICE_ROLE_KEY`	Server	Yes	—	Supabase service role key (bypasses RLS)

For Supabase, DATABASE_URL must include ?pgbouncer=true for connection pooling. DIRECT_URL connects directly to PostgreSQL (port 5432) and is used only for prisma migrate and prisma db push.

Payments (Lemon Squeezy)

Core Configuration

Name	Scope	Required	Default	Description
`LEMONSQUEEZY_API_KEY`	Server	Yes	—	Lemon Squeezy API key for payment operations
`LEMONSQUEEZY_STORE_ID`	Server	Yes	—	Your Lemon Squeezy store ID
`LEMONSQUEEZY_WEBHOOK_SECRET`	Server	Yes	—	HMAC signature verification for payment webhooks
`LEMONSQUEEZY_TEST_MODE`	Server	No	`false`	Enable test mode for payment testing

Variant IDs

Variant IDs link your Lemon Squeezy products to the app's subscription tiers. The required IDs depend on your active pricing model.

Pricing Model

Name	Scope	Required	Default	Description
`NEXT_PUBLIC_PRICING_MODEL`	Client	Yes	`credit_based`	Active pricing model: `credit_based` or `classic_saas`
`CURRENCY`	Server	No	`EUR`	ISO 4217 currency code
`PRICING_TIERS`	Server	No	`basic,pro,enterprise`	Comma-separated list of available tiers
`PRICING_FREE_TIER_ENABLED`	Server	No	`true`	Enable free tier for both models
`PRICING_FREE_TIER_NAME`	Server	No	`Free Forever`	Display name for the free tier

Only one pricing model can be active. Setting NEXT_PUBLIC_PRICING_MODEL=credit_based activates credit-based pricing and disables classic SaaS variant IDs, and vice versa. Mixing models causes configuration validation errors.

Email (Resend)

Name	Scope	Required	Default	Description
`RESEND_API_KEY`	Server	Yes	—	Resend API key for sending emails
`RESEND_FROM_EMAIL`	Server	Yes	—	Sender email address (e.g., `noreply@yourdomain.com`)
`RESEND_WEBHOOK_SECRET`	Server	Yes	—	HMAC signature verification for delivery webhooks
`NEXT_PUBLIC_CONTACT_EMAIL`	Client	Yes	—	Public contact email displayed on website

File Storage (Vercel Blob)

Name	Scope	Required	Default	Description
`BLOB_READ_WRITE_TOKEN`	Server	Yes	—	Vercel Blob token for file upload and download

AI Integration

Provider Configuration

At least one AI provider API key is required for AI features to function. The system auto-detects available providers based on which keys are set.

Name	Scope	Required	Default	Description
`AI_PROVIDER`	Server	No	Auto-detect	Force a specific provider: `openai`, `anthropic`, `google`, `xai`
`AI_MODEL`	Server	No	Provider default	Override the default model for the selected provider
`OPENAI_API_KEY`	Server	Conditional	—	API key for OpenAI (GPT models)
`ANTHROPIC_API_KEY`	Server	Conditional	—	API key for Anthropic (Claude models)
`GOOGLE_AI_API_KEY`	Server	Conditional	—	API key for Google (Gemini models)
`XAI_API_KEY`	Server	Conditional	—	API key for xAI (Grok models)
`AI_API_KEY`	Server	No	—	Universal fallback key — used when no provider-specific key is set for the active `AI_PROVIDER`, and as embedding key fallback
`AI_EMBEDDING_MODEL`	Server	No	`text-embedding-3-small`	Embedding model for RAG vector generation (must be OpenAI-compatible)

Set multiple provider keys for automatic fallback. If the primary provider fails, the system tries the next available provider in order: OpenAI, Anthropic, Google, xAI. Alternatively, set AI_API_KEY as a single fallback key for the provider specified by AI_PROVIDER.

Provider Overrides

Name	Scope	Required	Default	Description
`OPENAI_BASE_URL`	Server	No	OpenAI default	Custom base URL (for proxies or Azure OpenAI)
`OPENAI_ORG_ID`	Server	No	—	OpenAI organization ID
`ANTHROPIC_BASE_URL`	Server	No	Anthropic default	Custom base URL for Anthropic API
`GOOGLE_AI_BASE_URL`	Server	No	Google default	Custom base URL for Google AI API
`XAI_BASE_URL`	Server	No	`https://api.x.ai/v1`	Custom base URL for xAI API

AI Rate Limiting

Name	Scope	Required	Default	Description
`AI_FREE_TIER_REQUESTS`	Server	No	`20`	Monthly request limit for free tier
`AI_PRO_TIER_REQUESTS`	Server	No	`1000`	Monthly request limit for pro tier
`AI_ENTERPRISE_TIER_REQUESTS`	Server	No	`10000`	Monthly request limit for enterprise tier
`AI_RATE_LIMIT_WINDOW`	Server	No	`10`	Burst rate limit window in seconds
`AI_RATE_LIMIT_MAX_REQUESTS`	Server	No	`10`	Max requests per burst window
`AI_ANONYMOUS_MONTHLY_LIMIT`	Server	No	`5`	Max requests per month for anonymous/unauthenticated users

AI Feature Flags

Name	Scope	Required	Default	Description
`AI_STREAMING_ENABLED`	Server	No	`true`	Enable streaming AI responses
`AI_FUNCTIONS_ENABLED`	Server	No	`true`	Enable function calling
`AI_VISION_ENABLED`	Server	No	`true`	Enable vision/image analysis

AI Chat Feature Flags

Name	Scope	Required	Default	Description
`NEXT_PUBLIC_AI_LLM_CHAT_ENABLED`	Client	No	`true`	Enable LLM Chat at `/dashboard/chat-llm`
`NEXT_PUBLIC_AI_RAG_CHAT_ENABLED`	Client	No	`true`	Enable RAG Chat at `/dashboard/chat-rag`
`NEXT_PUBLIC_AI_VISION_ENABLED`	Client	No	`true`	Enable image analysis in LLM Chat (drag & drop, paste, file picker)
`NEXT_PUBLIC_AI_PDF_CHAT_ENABLED`	Client	No	`true`	Enable PDF document analysis in LLM Chat (drag & drop, file picker)
`NEXT_PUBLIC_AI_AUDIO_INPUT_ENABLED`	Client	No	`false`	Enable audio input (speech-to-text) in LLM Chat
`NEXT_PUBLIC_AI_IMAGE_GEN_ENABLED`	Client	No	`true`	Enable Image Generation at `/dashboard/image-gen` (standalone — does not require LLM Chat)
`NEXT_PUBLIC_AI_CONTENT_GEN_ENABLED`	Client	No	`true`	Enable Content Generator at `/dashboard/content` (standalone — does not require LLM Chat)

Vision Chat (NEXT_PUBLIC_AI_VISION_ENABLED) requires LLM Chat (NEXT_PUBLIC_AI_LLM_CHAT_ENABLED) to also be enabled. Both must be true for image analysis features to activate.

PDF Chat (NEXT_PUBLIC_AI_PDF_CHAT_ENABLED) requires LLM Chat (NEXT_PUBLIC_AI_LLM_CHAT_ENABLED) to also be enabled. Both must be true for PDF document analysis features to activate.

Audio Input (NEXT_PUBLIC_AI_AUDIO_INPUT_ENABLED) requires LLM Chat (NEXT_PUBLIC_AI_LLM_CHAT_ENABLED) to also be enabled. Both must be true for speech-to-text input to activate.

Image Generation (NEXT_PUBLIC_AI_IMAGE_GEN_ENABLED) is a standalone feature that requires OPENAI_API_KEY — it uses OpenAI's GPT Image models directly.

Content Generator (NEXT_PUBLIC_AI_CONTENT_GEN_ENABLED) is a standalone feature — it uses the active AI provider for template-based text generation.

Caching (Upstash Redis)

Name	Scope	Required	Default	Description
`UPSTASH_REDIS_REST_URL`	Server	Prod	—	Upstash Redis REST API URL
`UPSTASH_REDIS_REST_TOKEN`	Server	Prod	—	Upstash Redis authentication token

Redis is required in production for API rate limiting and AI rate limiting. In development, rate limiting is automatically disabled when Redis is not configured.

Security & CORS

Name	Scope	Required	Default	Description
`ALLOWED_ORIGINS`	Server	No	`http://localhost:3000`	Comma-separated allowed origins for CORS
`CSP_REPORT_URI`	Server	No	—	Content Security Policy violation reporting endpoint

Styling

Name	Scope	Required	Default	Description
`COLOR_THEME`	Server	No	`default`	Active color theme: `default`, `ocean`, `forest`, `sunset`, `midnight`, `coral`, `slate`, `aurora`, `crimson`

See Color Themes for theme previews and customization.

Feature Flags

Name	Scope	Required	Default	Description
`NEXT_PUBLIC_ENABLE_BLOG`	Client	No	`true`	Enable blog section (middleware redirects `/blog` to `/` when disabled)
`ENABLE_CREDIT_SYSTEM_IN_TESTS`	Server	No	`false`	Enable credit system in unit tests (Vitest only)