Setting Up the Environment

How to create your .env.local file and obtain credentials for all required services.

Last updated:

Create the .env.local file

BloggFast ships with an .env.example file listing every environment variable the app needs. Start by copying it:

bash
cp .env.example .env.local

Open .env.local in your editor and fill in each value as described below. Never commit this file to version control — it's already in .gitignore.

Variable categories

The environment file is organized into these sections:

  • Database — Neon Postgres connection strings (pooled and unpooled)
  • Neon Auth — Auth base URL and cookie secret for session management
  • Sanity CMS — Project ID, dataset, and API tokens
  • OpenAI — API key for article and image generation
  • Resend — API key, sender email, webhook secret, and audience ID
  • Site — Public site URL and app URL

Tip

Environment variables starting with NEXT_PUBLIC_ are exposed to the browser. All others are server-only. Never add sensitive keys with the NEXT_PUBLIC_ prefix.

Getting credentials

Neon Database & Auth

  1. Go to neon.tech and create a new project
  2. Copy the Connection string (pooled) from Dashboard → Connection Details → set as DATABASE_URL
  3. Also copy the Direct connection string (without pooler) → set as DATABASE_URL_UNPOOLED
  4. In your Neon project, go to Auth in the sidebar and enable Neon Auth
  5. Copy NEON_AUTH_BASE_URL and NEON_AUTH_COOKIE_SECRET from the Auth settings panel
.env.local
# Pooled connection (for runtime queries via pgBouncer)
DATABASE_URL="postgresql://user:pass@ep-xxx-pooler.region.aws.neon.tech/neondb?channel_binding=require&sslmode=require"

# Direct connection (for Prisma migrations - no pgBouncer)
DATABASE_URL_UNPOOLED="postgresql://user:pass@ep-xxx.region.aws.neon.tech/neondb?sslmode=require"

# Neon Auth (from your Neon project → Auth tab)
NEON_AUTH_BASE_URL="https://ep-xxx.neonauth.region.aws.neon.tech/neondb/auth"
NEON_AUTH_COOKIE_SECRET="your-cookie-secret-from-neon-auth"

Sanity

  1. Go to sanity.io/manage and create a new project
  2. Copy your Project ID from the project settings
  3. Create an API token with Editor permissions under API → Tokens → set as SANITY_API_TOKEN
  4. Optionally create a second token for the article uploader with Editor permissions → SANITY_TOKEN_ARTICLE_UPLOADER
.env.local
NEXT_PUBLIC_SANITY_PROJECT_ID=your_project_id
NEXT_PUBLIC_SANITY_DATASET=production
SANITY_API_TOKEN=sk...
SANITY_TOKEN_ARTICLE_UPLOADER=sk...  # Optional: separate token for AI article uploads

OpenAI

  1. Go to platform.openai.com/api-keys
  2. Create a new secret key
  3. Set OPENAI_API_KEY
.env.local
OPENAI_API_KEY=sk-proj-...

Note

BloggFast uses GPT-4o for article text generation and gpt-image-1 for AI cover image generation. Both use the same OPENAI_API_KEY. Image generation with gpt-image-1 requires a paid OpenAI account with image generation access enabled.

Resend

  1. Sign up at resend.com
  2. Create an API key under API Keys
  3. Set RESEND_API_KEY and RESEND_FROM_EMAIL (your verified sender address)
  4. Optionally create a Webhook endpoint in Resend → set the signing secret as RESEND_WEBHOOK_SECRET
  5. Optionally create an Audience in Resend → set the audience ID as RESEND_AUDIENCE_ID for contact sync
.env.local
RESEND_API_KEY=re_...
RESEND_FROM_EMAIL=hello@yourdomain.com
RESEND_WEBHOOK_SECRET=whsec_...    # Optional: for bounce/complaint event handling
RESEND_AUDIENCE_ID=               # Optional: for contact list sync

Site URLs

.env.local
NEXT_PUBLIC_SITE_URL="http://localhost:3000"
NEXT_PUBLIC_APP_URL="http://localhost:3000"  # Set to your production domain when live

Required vs optional

Variable groupRequired?
DATABASE_URLYes — the app cannot start without a database
DATABASE_URL_UNPOOLEDYes — required for Prisma migrations
NEON_AUTH_BASE_URLYes — required for authentication
NEON_AUTH_COOKIE_SECRETYes — required for session cookies
NEXT_PUBLIC_SANITY_PROJECT_IDYes — required for CMS content
NEXT_PUBLIC_SANITY_DATASETYes — defaults to production
SANITY_API_TOKENYes — required for server-side content writes
OPENAI_API_KEYYes — required for AI article and image generation
RESEND_API_KEYYes — email won't work without it
RESEND_FROM_EMAILYes — required sender address
RESEND_WEBHOOK_SECRETOptional — only needed for bounce/complaint tracking
RESEND_AUDIENCE_IDOptional — only needed for Resend Contacts sync
SANITY_TOKEN_ARTICLE_UPLOADEROptional — separate write token for AI article uploads

Validating your configuration

After filling in your .env.local, restart the dev server:

bash
npm run dev

BloggFast uses @t3-oss/env-nextjs with Zod validation for all environment variables. If any required variable is missing or malformed, the app will throw a descriptive error on startup listing exactly which variable failed validation.

Warning

Common mistake: using the pooled Neon connection string for Prisma migrations. Use DATABASE_URL_UNPOOLED (the direct, non-pgBouncer URL) when running prisma migrate dev or prisma db push.