Environment Variables Reference
Complete reference for every environment variable used by BloggFast.
Last updated:
Note
Copy
.env.example to .env.local as your starting point. Never commit .env.local to version control. All variables are validated on startup via @t3-oss/env-nextjs — missing required variables will cause a descriptive build/startup error.Database variables
| Variable | Purpose | Required | Notes |
|---|---|---|---|
DATABASE_URL | Neon Postgres pooled connection string (via pgBouncer) | Yes | Used for runtime queries. Must include channel_binding=require&sslmode=require for Neon |
DATABASE_URL_UNPOOLED | Direct (non-pooled) connection string for Prisma migrations | Yes | Required for prisma migrate dev and db:seed. Use the endpoint without -pooler in the hostname |
PGHOST | Postgres host (pooled) — for Neon dashboard use | No | Optional convenience variable provided by Neon |
PGHOST_UNPOOLED | Postgres host (direct) — for Neon dashboard use | No | Optional convenience variable provided by Neon |
PGUSER | Postgres username | No | Optional — already included in the connection strings |
PGDATABASE | Postgres database name | No | Typically neondb |
PGPASSWORD | Postgres password | No | Optional — already included in the connection strings |
.env.local
# Pooled connection (use for runtime queries)
DATABASE_URL=postgresql://user:pass@ep-xxx-pooler.region.aws.neon.tech/neondb?channel_binding=require&sslmode=require
# Direct connection (use for Prisma migrations and seeding)
DATABASE_URL_UNPOOLED=postgresql://user:pass@ep-xxx.region.aws.neon.tech/neondb?sslmode=requireNeon Auth variables
| Variable | Purpose | Required |
|---|---|---|
NEON_AUTH_BASE_URL | Neon Auth endpoint URL — provided by Neon when you enable Auth on your project | Yes |
NEON_AUTH_COOKIE_SECRET | Secret key used to sign session cookies — must be at least 32 characters | Yes |
.env.local
# From your Neon project → Auth tab
NEON_AUTH_BASE_URL="https://ep-xxx.neonauth.region.aws.neon.tech/neondb/auth"
NEON_AUTH_COOKIE_SECRET="a-long-random-secret-string-of-at-least-32-characters"Tip
Find these values in your Neon project dashboard under the Auth tab after enabling Neon Auth. The base URL format is specific to your Neon project endpoint.
Sanity CMS variables
| Variable | Purpose | Required | Example |
|---|---|---|---|
NEXT_PUBLIC_SANITY_PROJECT_ID | Your Sanity project ID (public — exposed to browser) | Yes | pup1pp2q |
NEXT_PUBLIC_SANITY_DATASET | Sanity dataset name (public — exposed to browser) | Yes | production |
SANITY_API_TOKEN | Server-side Sanity API token with Editor permissions | Yes | sk... |
SANITY_TOKEN_ARTICLE_UPLOADER | Separate Sanity token used when the AI generator publishes articles to Sanity | No | sk... |
SANITY_WEBHOOK_SECRET | Secret for validating Sanity webhook payloads (cache revalidation) | No | Any random string |
.env.local
NEXT_PUBLIC_SANITY_PROJECT_ID=your_project_id
NEXT_PUBLIC_SANITY_DATASET=production
SANITY_API_TOKEN=sk...
SANITY_TOKEN_ARTICLE_UPLOADER=sk... # Optional: separate write token for AI article uploadsOpenAI variables
| Variable | Purpose | Required | Notes |
|---|---|---|---|
OPENAI_API_KEY | OpenAI API key for text generation (gpt-5-mini default, configurable) and image generation (gpt-image-1 default) | Yes | Get from platform.openai.com/api-keys. Key starts with sk-proj- |
.env.local
OPENAI_API_KEY=sk-proj-...Note
BloggFast uses OpenAI as its AI provider with 6 selectable text models and 2 image models. The default text model is
gpt-5-mini and the default image model is gpt-image-1. Both are configured via the same OPENAI_API_KEY. The active model can be changed in the admin AI settings. Image generation requires a paid OpenAI account with image generation access.Resend email variables
| Variable | Purpose | Required | Example |
|---|---|---|---|
RESEND_API_KEY | Resend API key for sending emails | Yes | re_... |
RESEND_FROM_EMAIL | Sender address for outgoing emails (must be a verified domain in Resend) | Yes | hello@yourdomain.com |
RESEND_WEBHOOK_SECRET | Webhook signing secret for verifying Resend event deliveries (bounced, complained, etc.) | No | whsec_... |
RESEND_AUDIENCE_ID | Resend Audience ID for contact list sync — if set, subscribers are added to this Resend Audience | No | UUID from Resend Audiences dashboard |
.env.local
RESEND_API_KEY=re_...
RESEND_FROM_EMAIL=hello@yourdomain.com
RESEND_WEBHOOK_SECRET=whsec_... # Optional
RESEND_AUDIENCE_ID= # OptionalNote
During development, you can use
onboarding@resend.dev as the from address without domain verification, but it only sends to the account email. For production, verify your own domain in the Resend dashboard under Domains.Site variables
| Variable | Purpose | Required | Example |
|---|---|---|---|
NEXT_PUBLIC_SITE_URL | Full public URL of your site — used for generating absolute URLs (OG images, sitemaps) | Yes | https://myblog.com |
NEXT_PUBLIC_APP_URL | App base URL — used for internal routing and API endpoint construction | Yes | https://myblog.com or your Vercel domain |
.env.local
# Development
NEXT_PUBLIC_SITE_URL="http://localhost:3000"
NEXT_PUBLIC_APP_URL="http://localhost:3000"
# Production (set in Vercel dashboard)
NEXT_PUBLIC_SITE_URL="https://myblog.com"
NEXT_PUBLIC_APP_URL="https://myblog.com"