Skip to Content
Getting StartedEnvironment Variables

Environment Variables

Fast Forward Dev requires several environment variables to connect to external services. This guide explains each variable and where to get the values.

Client Environment Variables

Create a .env.local file in the client root directory with the following variables:

NextAuth Configuration

.env.local
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=your-secret-key-here
  • NEXTAUTH_URL: The base URL of your application
    • Development: http://localhost:3000
    • Production: Your production domain (e.g., https://yourdomain.com)
  • NEXTAUTH_SECRET: A random string for encrypting tokens
    • Generate one: Run openssl rand -base64 32 in your terminal

Stripe Keys

.env.local
# Test keys (for development)
PUBLIC_TEST_STRIPE_PUBLISHABLE_KEY=pk_test_...
 
# Production keys
PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_...

Where to get them:

  1. Go to Stripe Dashboard 
  2. Click “Developers” → “API keys”
  3. Copy the “Publishable key” (starts with pk_test_ or pk_live_)

The app automatically uses test keys in development and production keys in production based on NODE_ENV.

Google OAuth (Optional)

.env.local
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret

Where to get them:

  1. Go to Google Cloud Console 
  2. Create a new project or select existing
  3. Go to “APIs & Services” → “Credentials”
  4. Click “Create Credentials” → “OAuth 2.0 Client ID”
  5. Set authorized redirect URIs:
    • Development: http://localhost:3000/api/auth/callback/google
    • Production: https://yourdomain.com/api/auth/callback/google

Server Environment Variables

Create a .env file in the server root directory with the following variables:

Database Configuration

.env
MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/database

Where to get it:

  1. Go to MongoDB Atlas 
  2. Create a free cluster
  3. Click “Connect” → “Connect your application”
  4. Copy the connection string
  5. Replace <password> with your database password
  6. Replace <database> with your database name

JWT Secret

.env
JWT_SECRET=your-jwt-secret-here
  • Generate a secure random string: openssl rand -base64 32
  • This is used to sign authentication tokens

Never share your JWT_SECRET. It should be different from your NEXTAUTH_SECRET.

Stripe Keys

.env
# Test keys (for development)
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
 
# Production keys
# STRIPE_SECRET_KEY=sk_live_...
# STRIPE_WEBHOOK_SECRET=whsec_...

Where to get them:

Secret Key:

  1. Go to Stripe Dashboard 
  2. Click “Developers” → “API keys”
  3. Copy the “Secret key” (starts with sk_test_ or sk_live_)

Webhook Secret:

  1. Go to “Developers” → “Webhooks”
  2. Click “Add endpoint”
  3. Set the endpoint URL:
    • Development: Use Stripe CLI  for local testing
    • Production: https://yourdomain.com/api/stripe/webhook
  4. Select events to listen for:
    • checkout.session.completed
    • customer.subscription.updated
    • customer.subscription.deleted
  5. Copy the “Signing secret” (starts with whsec_)

Email Configuration (Resend)

.env
RESEND_API_KEY=re_...

Where to get it:

  1. Go to Resend 
  2. Sign up for an account (free tier available)
  3. Go to “API Keys”
  4. Create a new API key
  5. Copy the key (starts with re_)

Google OAuth Verification

.env
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com

This should be the same client ID you created for the client.

Server Configuration

.env
NODE_ENV=development
PORT=5001
CLIENT_URL=http://localhost:3000
  • NODE_ENV: development or production
  • PORT: Port for the Express server (default: 5001)
  • CLIENT_URL: URL of your Next.js client
    • Development: http://localhost:3000
    • Production: https://yourdomain.com

Complete Example Files

Client .env.local Example

.env.local
# NextAuth
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=your_nextauth_secret_key
 
# Stripe (Test Keys)
PUBLIC_TEST_STRIPE_PUBLISHABLE_KEY=pk_test_...
PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_...
 
# Google OAuth (Optional)
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret

Server .env Example

.env
# Database
MONGODB_URI=mongodb+srv://user:password@cluster.mongodb.net/dbname
 
# JWT
JWT_SECRET=your_jwt_secret_key
 
# Stripe
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
 
# Email
RESEND_API_KEY=re_...
 
# Google OAuth
GOOGLE_CLIENT_ID=your_google_client_id
 
# Server
NODE_ENV=development
PORT=5001
CLIENT_URL=http://localhost:3000

Security Best Practices

Important Security Tips:

  • Never commit .env or .env.local files to Git (they’re in .gitignore)
  • Use different secrets for development and production
  • Rotate secrets regularly
  • Never share secrets in screenshots or documentation
  • Use environment variables in your deployment platform (Vercel, Heroku, etc.)

Troubleshooting

Missing Environment Variables

If you see errors about missing environment variables:

  1. Check that the variable is defined in the correct .env file
  2. Restart your development server after changing .env files
  3. Make sure there are no typos in variable names
  4. Ensure there are no spaces around the = sign

Variables Not Loading

  • Client variables must start with PUBLIC_ to be accessible (except NextAuth variables)
  • Server variables are loaded automatically by dotenv
  • Make sure .env files are in the root directory, not in subdirectories

Next Steps

Once you have all your environment variables set up, continue with:

Last updated on
DeploymentInstallation