Skip to content

Environment Variables

All environment variables across Reggie's services.

Secret Sources by Context

Context Source
Local dev .env files (generated from .env.example by make setup)
AWS (staging/prod) SST Secrets (sst secret set ...) backed by SSM Parameter Store
CI GitHub Actions secrets / env vars
Optional Doppler (npm run env:sync to pull real API keys)

Backend (backend/.env)

Variable Required Default Description
DATABASE_URL Yes postgresql://postgres:postgres@localhost:54322/reggie PostgreSQL connection string
ALLOWED_ORIGINS Yes ["http://localhost:3000","http://localhost:3001"] CORS allowed origins (JSON array)
SECRET_KEY Yes local-dev-secret-key-not-for-production App secret for signing
ENVIRONMENT No development development or production
CLERK_SECRET_KEY No* -- Clerk API secret key
CLERK_JWT_KEY No* -- Clerk RS256 PEM public key for JWT verification
CLERK_WEBHOOK_SECRET No -- Clerk webhook signing secret
R2_ENDPOINT No -- Cloudflare R2 endpoint URL
R2_ACCESS_KEY_ID No -- R2 access key
R2_SECRET_ACCESS_KEY No -- R2 secret key
STRIPE_SECRET_KEY No -- Stripe API secret
STRIPE_WEBHOOK_SECRET No -- Stripe webhook signing secret
RESEND_API_KEY No -- Resend email API key
DVLA_API_KEY No -- DVLA vehicle enquiry API key
REDIS_URL No -- Redis connection URL (future use)

*Clerk keyless mode works for local dev without these keys.

Web App (apps/web/.env.local)

Variable Required Default Description
NEXT_PUBLIC_API_URL Yes http://localhost:8000 Backend API base URL
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY No* -- Clerk publishable key
CLERK_SECRET_KEY No* -- Clerk server-side secret

Admin App (apps/admin/.env.local)

Same as Web App above.

SST Secrets (AWS Stages)

These are set per-stage via sst secret set <name> <value> --stage <stage>:

Secret Name Maps To
ClerkPublishableKey NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
ClerkSecretKey CLERK_SECRET_KEY
ClerkJwtKey CLERK_JWT_KEY
ClerkWebhookSecret CLERK_WEBHOOK_SECRET
R2Endpoint R2_ENDPOINT
R2AccessKeyId R2_ACCESS_KEY_ID
R2SecretAccessKey R2_SECRET_ACCESS_KEY
StripeSecretKey STRIPE_SECRET_KEY
StripeWebhookSecret STRIPE_WEBHOOK_SECRET
ResendApiKey RESEND_API_KEY
DvlaApiKey DVLA_API_KEY
SecretKey SECRET_KEY

DATABASE_URL is constructed automatically by SST from the RDS resource properties.

CI Environment Variables

Set in GitHub Actions workflow files (not as repository secrets):

Variable Workflow Value
DATABASE_URL ci-backend sqlite:////tmp/reggie_test.db
DATABASE_URL ci-backend-postgres postgresql://postgres:postgres@127.0.0.1:54322/reggie
CLERK_SECRET_KEY ci-backend* sk_test_fake
CLERK_JWT_KEY ci-backend* test-jwt-key
NEXT_PUBLIC_API_URL ci-frontend http://localhost:8000/api/v1
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY ci-frontend pk_test_fake

Cloudflare R2

Bucket reggie-claim-documents is in EU jurisdiction (-J eu flag required):

wrangler r2 bucket list -J eu
wrangler r2 bucket cors set reggie-claim-documents --file cors.json -J eu