Environment Variables
Managing environment variables in StartupKit
This guide covers how environment variables work in StartupKit and the helpers available for managing them.
Quick Setup
After running npx startupkit init, create your environment file:
cp .env.example .env.localThe .env.example file contains all available variables with documentation.
Environment Files
| File | Purpose | Committed to Git |
|---|---|---|
.env.local | Local development values | No |
.env.test | Test environment values | No |
.env.production | Production overrides | No |
Core Variables
These variables are used across the application:
| Variable | Required | Description |
|---|---|---|
DATABASE_URL | Yes | PostgreSQL connection string |
BETTER_AUTH_SECRET | Yes | Secret key for signing auth tokens |
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/myapp
BETTER_AUTH_SECRET=your-secret-key-hereGenerate a secure auth secret:
openssl rand -base64 32Running with Environment Variables
StartupKit includes helpers for running commands with environment variables loaded:
pnpm with-env
Runs a command with .env.local loaded:
pnpm with-env <command>Examples:
# Run database migrations with env vars
pnpm with-env pnpm db:migrate
# Run a script with env vars
pnpm with-env node scripts/seed.js
# Start the dev server (already uses with-env internally)
pnpm devpnpm with-test-env
Runs a command with .env.test loaded:
pnpm with-test-env <command>Examples:
# Run tests with test environment
pnpm with-test-env pnpm test
# Run a specific test file
pnpm with-test-env vitest run src/lib/auth.test.tsThis is useful for:
- Using a separate test database
- Mocking external services
- Isolated test configurations
Next.js Environment Rules
Next.js has specific rules for environment variables:
| Prefix | Availability | Use For |
|---|---|---|
NEXT_PUBLIC_ | Client + Server | Public values (analytics keys) |
| No prefix | Server only | Secrets, credentials |
# Exposed to browser - safe for public API keys
NEXT_PUBLIC_POSTHOG_KEY=phc_xxx
# Server only - never exposed to client
DATABASE_URL=postgresql://...
BETTER_AUTH_SECRET=xxxPackage-Specific Variables
Each package has its own environment variables documented in its respective section:
- Authentication — OAuth providers, auth settings
- Analytics — PostHog, Google Analytics, OpenPanel
- Database — Connection strings, pooling
- Emails — Resend API keys
Deployment
See the Deployment guide for platform-specific instructions on setting environment variables in production.
Security Best Practices
- Never commit
.env.local— It's in.gitignoreby default - Use different secrets per environment — Dev, staging, production
- Rotate secrets regularly — Especially after team changes
- Limit access — Only give team members access to secrets they need
Troubleshooting
Variable Not Available
- Check the name matches exactly (case-sensitive)
- Restart the dev server after changes
- For client-side, ensure
NEXT_PUBLIC_prefix - In Vercel, check the correct environment is selected
"Process is not defined"
This happens when accessing server-only variables on the client. Keep server-only variables in server-only files:
// lib/db.ts (server-only, never imported by client)
const dbUrl = process.env.DATABASE_URL