Environment Variables Reference

Complete reference for every environment variable used by BloggFast.

Last updated:

Note

Copy .env.example to .env as your starting point. Never commit .env to version control. All variables are validated on startup via @t3-oss/env-nextjs — missing required variables will cause a descriptive build/startup error.

Database variables

VariablePurposeRequiredNotes
DATABASE_URLNeon Postgres pooled connection string (via pgBouncer)YesUsed for runtime queries. Must include channel_binding=require&sslmode=require for Neon
DATABASE_URL_UNPOOLEDDirect (non-pooled) connection string for Prisma migrationsYesRequired for prisma migrate dev and db:seed. Use the endpoint without -pooler in the hostname
PGHOSTPostgres host (pooled) — for Neon dashboard useNoOptional convenience variable provided by Neon
PGHOST_UNPOOLEDPostgres host (direct) — for Neon dashboard useNoOptional convenience variable provided by Neon
PGUSERPostgres usernameNoOptional — already included in the connection strings
PGDATABASEPostgres database nameNoTypically neondb
PGPASSWORDPostgres passwordNoOptional — already included in the connection strings
.env
# Pooled connection (use for runtime queries)
DATABASE_URL=postgresql://user:pass@ep-xxx-pooler.region.aws.neon.tech/neondb?channel_binding=require&sslmode=require

# Direct connection (use for Prisma migrations and seeding)
DATABASE_URL_UNPOOLED=postgresql://user:pass@ep-xxx.region.aws.neon.tech/neondb?sslmode=require

Neon Auth variables

VariablePurposeRequired
NEON_AUTH_BASE_URLNeon Auth endpoint URL — provided by Neon when you enable Auth on your projectYes
NEON_AUTH_COOKIE_SECRETSecret key used to sign session cookies — must be at least 32 charactersYes
.env
# From your Neon project → Auth tab
NEON_AUTH_BASE_URL="https://ep-xxx.neonauth.region.aws.neon.tech/neondb/auth"
NEON_AUTH_COOKIE_SECRET="a-long-random-secret-string-of-at-least-32-characters"

Tip

Find these values in your Neon project dashboard under the Auth tab after enabling Neon Auth. The base URL format is specific to your Neon project endpoint.

Sanity CMS variables

VariablePurposeRequiredExample
NEXT_PUBLIC_SANITY_PROJECT_IDYour Sanity project ID (public — exposed to browser)Yespup1pp2q
NEXT_PUBLIC_SANITY_DATASETSanity dataset name (public — exposed to browser)Yesproduction
SANITY_API_TOKENServer-side Sanity API token with Editor permissionsYessk...
SANITY_TOKEN_ARTICLE_UPLOADERSeparate Sanity token used when the AI generator publishes articles to SanityNosk...
SANITY_WEBHOOK_SECRETSecret for validating Sanity webhook payloads (cache revalidation)NoAny random string
.env
NEXT_PUBLIC_SANITY_PROJECT_ID=your_project_id
NEXT_PUBLIC_SANITY_DATASET=production
SANITY_API_TOKEN=sk...
SANITY_TOKEN_ARTICLE_UPLOADER=sk...  # Optional: separate write token for AI article uploads

Vercel AI Gateway variable

VariablePurposeRequiredNotes
AI_GATEWAY_API_KEYVercel AI Gateway key used for all article text and cover image generationYesCreate from your Vercel project → AI Gateway tab → Create Key. Key starts with vck_
.env
AI_GATEWAY_API_KEY=vck_...

Note

BloggFast routes every AI call through the Vercel AI Gateway, so one key unlocks Anthropic, Google, and OpenAI models. Defaults are claude-sonnet-4.6 for text and flux-2-pro for cover images. Active models are stored in the AiSettings record and can be changed from /admin/settings. Vercel grants $5 of free gateway credits on signup.

Resend email variables

VariablePurposeRequiredExample
RESEND_API_KEYResend API key for sending emailsYesre_...
RESEND_FROM_EMAILSender address for outgoing emails (must be a verified domain in Resend)Yeshello@yourdomain.com
RESEND_WEBHOOK_SECRETWebhook signing secret for verifying Resend event deliveries (bounced, complained, etc.)Nowhsec_...
RESEND_AUDIENCE_IDResend Audience ID for contact list sync — if set, subscribers are added to this Resend AudienceNoUUID from Resend Audiences dashboard
.env
RESEND_API_KEY=re_...
RESEND_FROM_EMAIL=hello@yourdomain.com
RESEND_WEBHOOK_SECRET=whsec_...    # Optional
RESEND_AUDIENCE_ID=               # Optional

Note

During development, you can use onboarding@resend.dev as the from address without domain verification, but it only sends to the account email. For production, verify your own domain in the Resend dashboard under Domains.

Cloudflare R2 variables

BloggFast uses Cloudflare R2 (via the AWS S3 SDK) to store article cover images, AI-generated images, and per-user skill files.

VariablePurposeRequired
CLOUDFLARE_ACCOUNT_IDYour Cloudflare account ID (R2 Overview → Account details)Yes
R2_BUCKET_NAMEThe R2 bucket created for this projectYes
R2_ENDPOINTS3 API endpoint, e.g. https://{account}.r2.cloudflarestorage.comYes
R2_ACCESS_KEY_IDAccess key from an R2 account API token with Admin Read & WriteYes
R2_SECRET_ACCESS_KEYSecret key paired with the access key aboveYes
R2_PUBLIC_BASE_URLPublic URL served via your custom domain — leave empty until you attach oneNo
R2_PUBLIC_DEVELOPMENT_URLPublic Development URL generated when you enable it in the bucket settingsYes
NEXT_PUBLIC_MAX_UPLOAD_MBUpload size cap (MB) applied client-side; e.g. 100Yes
.env
CLOUDFLARE_ACCOUNT_ID=your_cloudflare_account_id
R2_BUCKET_NAME=bloggfast-storage
R2_ENDPOINT=https://your_account_id.r2.cloudflarestorage.com
R2_ACCESS_KEY_ID=your_r2_access_key_id
R2_SECRET_ACCESS_KEY=your_r2_secret_access_key
R2_PUBLIC_BASE_URL=
R2_PUBLIC_DEVELOPMENT_URL=https://pub-xxx.r2.dev
NEXT_PUBLIC_MAX_UPLOAD_MB=100

Site variables

VariablePurposeRequiredExample
NEXT_PUBLIC_SITE_URLFull public URL of your site — used for generating absolute URLs (OG images, sitemaps)Yeshttps://myblog.com
NEXT_PUBLIC_APP_URLApp base URL — used for internal routing and API endpoint constructionYeshttps://myblog.com or your Vercel domain
.env
# Development
NEXT_PUBLIC_SITE_URL="http://localhost:3000"
NEXT_PUBLIC_APP_URL="http://localhost:3000"

# Production (set in Vercel dashboard)
NEXT_PUBLIC_SITE_URL="https://myblog.com"
NEXT_PUBLIC_APP_URL="https://myblog.com"