.env.example
# ─────────────────────────────────────────────────────────────────────────────
# Glimpse — consolidated environment variable reference
# ─────────────────────────────────────────────────────────────────────────────
#
# This file documents every env var consumed across the workspace. Per-service
# example files also exist under:
#   artifacts/api-server/.env.example
#   artifacts/glimpse/.env.example
#
# NEVER commit a populated copy. In Replit, dev values come from the project
# secrets store; production values come from Replit deployment secrets (API)
# and Expo Application Services secrets (mobile).
#
# Legend:
#   [server] → consumed by artifacts/api-server at runtime
#   [mobile] → consumed by artifacts/glimpse, inlined at build time (PUBLIC)
#   [build]  → consumed only during EAS / Replit build
# ─────────────────────────────────────────────────────────────────────────────
# ─── Database ────────────────────────────────────────────────────────────────
# [server, build] Postgres connection string used by the API at runtime AND by
# `drizzle-kit push` during deployment build. In Replit this is provisioned by
# the managed Postgres add-on. In production, MUST be a separate DB from dev.
DATABASE_URL=
# ─── Auth (Clerk) ────────────────────────────────────────────────────────────
# [server] Clerk secret key. Used by `@clerk/express` to validate sessions.
#   Dev:  sk_test_...
#   Prod: sk_live_... (provisioned from a separate Clerk production instance)
CLERK_SECRET_KEY=
# [mobile] Clerk publishable key, inlined into the JS bundle. Safe to ship.
#   Dev:  pk_test_...
#   Prod: pk_live_...
EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY=
# [mobile] OPTIONAL. Set when Clerk's Frontend API is served through your own
# domain (e.g. via the production Clerk proxy). Leave empty to use Clerk's
# default frontend API.
EXPO_PUBLIC_CLERK_PROXY_URL=
# ─── HTTP / CORS ─────────────────────────────────────────────────────────────
# [server] Comma-separated list of frontend origins permitted for credentialed
# cross-origin requests. REQUIRED in production — the server refuses to start
# without it (or without REPLIT_DOMAINS, which Replit deployments populate
# automatically).
ALLOWED_ORIGINS=
# [server] Set to "production" in deployments to enable strict CORS and
# disable verbose logging.
NODE_ENV=development
# [server] Port the Express server binds to. Required — startup throws if
# unset. Replit workflows inject this automatically; export explicitly for
# local runs.
PORT=8080
# [server] Pino log level. Optional, defaults to "info"
# (artifacts/api-server/src/lib/logger.ts). Set to "debug" for verbose runs.
LOG_LEVEL=info
# [server] REPLIT_DOMAINS is populated by the Replit deployment runtime and is
# used by the API as a fallback CORS origin source when ALLOWED_ORIGINS is
# empty (artifacts/api-server/src/app.ts). Do NOT set this manually for local
# dev; use ALLOWED_ORIGINS instead.
#
# NOTE: SESSION_SECRET appears as a placeholder in artifacts/api-server/.env.example
# but is NOT consumed by the runtime — auth is bearer-token Clerk middleware,
# not Express session cookies. Safe to ignore; will be removed in a future cleanup.
# ─── Mobile API endpoint ─────────────────────────────────────────────────────
# [mobile] Hostname (no protocol) of the API server. The client builds URLs as
# `https://${EXPO_PUBLIC_DOMAIN}/api/...`.
#   Dev:  Replit workspace preview domain (auto-injected by `pnpm dev`)
#   Prod: deployed *.replit.app host (or custom domain)
EXPO_PUBLIC_DOMAIN=
# ─── Object storage (Replit App Storage / GCS-compatible) ────────────────────
# [server] Provided by Replit App Storage. The API code reads
# PRIVATE_OBJECT_DIR (private user photos) and PUBLIC_OBJECT_SEARCH_PATHS
# (public assets) directly. DEFAULT_OBJECT_STORAGE_BUCKET_ID is auto-
# provisioned alongside the bucket and is consumed by the underlying GCS
# client, not directly by app code.
DEFAULT_OBJECT_STORAGE_BUCKET_ID=
PRIVATE_OBJECT_DIR=
PUBLIC_OBJECT_SEARCH_PATHS=
# ─── Third-party APIs ────────────────────────────────────────────────────────
# [server] Google Places API key. Restrict in Google Cloud console to the
# Places API only and to the server's egress IPs. Server-side only — never
# ship to the client.
GOOGLE_PLACES_API_KEY=
# [mobile] OPTIONAL / forward-looking. Not consumed by the current build —
# place autocomplete is fully server-proxied. Add only when introducing a
# native MapView. Restrict to the mobile bundle id in Google Cloud console.
# EXPO_PUBLIC_GOOGLE_MAPS_API_KEY=
# ─── Legal links (App Store compliance) ──────────────────────────────────────
# [mobile] Public URLs for Terms of Use and Privacy Policy. Surfaced on the
# auth welcome screen and in Settings → About. Same Privacy URL also goes in
# App Store Connect → App Information → Privacy Policy URL.
EXPO_PUBLIC_TERMS_URL=
EXPO_PUBLIC_PRIVACY_URL=
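
The rules this file documents (required PORT, no secrets under the public `EXPO_PUBLIC_` prefix, live Clerk keys and a CORS origin source in production, a protocol-free `EXPO_PUBLIC_DOMAIN`) can be checked before a deploy. The following is an added example, not code from the Glimpse repository; `checkEnv`, `isExactOrigin`, the messages and the sample values are hypothetical.

```javascript
// Added example: pre-deploy check of the rules documented in .env.example.
// checkEnv and its messages are hypothetical, not part of the Glimpse code base.
function isExactOrigin(value) {
  // A browser's Origin header is scheme://host[:port] with no path, no
  // trailing slash and no default port, so only that exact form can match.
  try { return new URL(value).origin === value; } catch { return false; }
}

function checkEnv(env) {
  const issues = [];
  const get = (key) => String(env[key] ?? "").trim();

  if (!/^\d+$/.test(get("PORT"))) issues.push("PORT is required");

  // EXPO_PUBLIC_* values are inlined into the mobile bundle: no secret keys.
  for (const key of Object.keys(env)) {
    if (key.startsWith("EXPO_PUBLIC_") && /^sk_(test|live)_/.test(get(key)))
      issues.push(`${key} contains a Clerk secret key`);
  }

  // The client prepends https:// itself, so a protocol here is a mistake.
  if (get("EXPO_PUBLIC_DOMAIN").includes("://"))
    issues.push("EXPO_PUBLIC_DOMAIN must be a hostname without protocol");

  if (get("NODE_ENV") === "production") {
    if (!get("CLERK_SECRET_KEY").startsWith("sk_live_"))
      issues.push("CLERK_SECRET_KEY must be an sk_live_ key in production");
    if (!get("EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY").startsWith("pk_live_"))
      issues.push("EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY must be a pk_live_ key");
    const origins = get("ALLOWED_ORIGINS").split(",").map((o) => o.trim()).filter(Boolean);
    if (origins.length === 0 && !get("REPLIT_DOMAINS"))
      issues.push("ALLOWED_ORIGINS (or REPLIT_DOMAINS) is required in production");
    for (const origin of origins) {
      if (!isExactOrigin(origin))
        issues.push(`ALLOWED_ORIGINS entry "${origin}" is not an exact origin`);
    }
  }
  return issues;
}

// Constructed sample values (not real keys or hosts).
const SAMPLE_BAD = {
  NODE_ENV: "production", PORT: "8080",
  CLERK_SECRET_KEY: "sk_test_constructed",
  EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY: "sk_live_constructed",
  EXPO_PUBLIC_DOMAIN: "https://api.example.com",
  ALLOWED_ORIGINS: "https://app.example.com/, *",
};
console.log(checkEnv(SAMPLE_BAD).join("\n"));
```

Passing `process.env` to `checkEnv` in a CI step and failing the build on a non-empty result catches these mistakes before the server's own startup checks do.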