Skip to Content
StackBlaze Templates — operator documentation
AI SaaS KitConfigurationEnvironment variables

Environment variables

All configuration lives in .env.local (copied from .env.example). The keys present in your file depend on the features you selected at scaffold time — the scaffolder only writes the vars your build uses.

NEXT_PUBLIC_-prefixed vars are exposed to the browser. Everything else is server-only. Restart the dev server after changing any env var.

Core (always present)

VariableRequiredDescription
DATABASE_URLPostgres connection string. Hosted providers usually need ?sslmode=require.
TEST_DATABASE_URLfor testsSeparate DB for integration tests.
BETTER_AUTH_SECRET32-byte secret. Generate with openssl rand -base64 32.
BETTER_AUTH_URLServer-side base URL, e.g. http://localhost:3000.
NEXT_PUBLIC_BETTER_AUTH_URLSame URL, exposed to the browser auth client.
EMAIL_PROVIDERconsole (dev default — prints emails to stdout) or resend.

AI

VariableDescription
AI_PROVIDERWhich provider backs chat. See AI providers.
AI_MODELModel id for that provider. Provider default is used if omitted.
OPENAI_API_KEY (etc.)Only the key for your selected provider is required.

Billing (Stripe)

VariableDescription
BILLING_PROVIDERstripe.
NEXT_PUBLIC_BILLING_PROVIDERstripe (browser-visible).
STRIPE_SECRET_KEYYour Stripe secret key (sk_…).
STRIPE_WEBHOOK_SECRETwhsec_… from stripe listen (dev) or the dashboard webhook (prod).
STRIPE_PRICE_PROPrice id (price_…) for the Pro plan.
STRIPE_PRICE_TEAMPrice id (price_…) for the Team plan.

Email (Resend)

Only used when EMAIL_PROVIDER=resend.

VariableDescription
RESEND_API_KEYResend API key.
EMAIL_FROMFrom address, e.g. StackBlaze <onboarding@resend.dev>.

Rate limiting (Upstash Redis)

Optional. When unset, AI-route rate limiting is a no-op — the app runs fine without it.

VariableDescription
UPSTASH_REDIS_REST_URLFrom the Upstash console (REST API section).
UPSTASH_REDIS_REST_TOKENREST token.

OAuth providers (optional)

A login button appears only when both the id and secret for a provider are set.

VariableDescription
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRETGoogle OAuth app.
GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRETGitHub OAuth app.

Register these callback URLs with each provider:

${BETTER_AUTH_URL}/api/auth/callback/google
${BETTER_AUTH_URL}/api/auth/callback/github

In production, set BETTER_AUTH_URL / NEXT_PUBLIC_BETTER_AUTH_URL to your real domain and re-register OAuth callback URLs to match — otherwise logins redirect to localhost.

Your first runAI providers