Environment
Required env vars and validation rules enforced by the app.
Required variables
| Variable | Requirement | Purpose |
|---|---|---|
DATABASE_URL | Valid URL | PostgreSQL connection string |
STRIPE_SECRET_KEY | Starts with sk_ | Stripe API server key |
STRIPE_WEBHOOK_SECRET | Starts with whsec_ | Webhook signature verification |
NEXTAUTH_SECRET | Minimum 32 chars | JWT/session cryptographic secret |
NEXTAUTH_URL | Valid URL | Auth callback base URL |
Validation behavior
The app parses process.env through a Zod schema at startup. Invalid or missing values fail fast so misconfiguration is caught before runtime traffic.
Example
DATABASE_URL=postgresql://user:pass@host:5432/subsplit
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_WEBHOOK_SECRET=whsec_xxx
NEXTAUTH_SECRET=replace-with-32-plus-random-chars
NEXTAUTH_URL=http://localhost:3000
Operational notes
- Use test keys locally and in preview environments.
- Rotate
NEXTAUTH_SECRETand Stripe credentials with environment-specific values. - Never expose server-only keys in client-side runtime config.