Skip to main content

Environment Security Guide

🔒 Security Setup Complete

Your environment files are now secured with the following approach:

Files Structure:

✅ env.development.example # Committed (safe templates)
✅ env.production.example # Committed (safe templates)
🔒 env.development # NOT committed (real credentials)
🔒 env.production # NOT committed (real credentials)
🔒 .env # NOT committed (active config)

What's Protected:

  • Real Supabase keys are NOT in git
  • Database passwords are NOT in git
  • Secret keys are NOT in git
  • Templates show structure without secrets

🚀 Setup Instructions:

For New Team Members:

  1. Copy template files:

    cp env.development.example env.development
    cp env.production.example env.production
  2. Replace placeholders with real values:

    # In env.development, replace:
    your-dev-project.supabase.co → actual dev project URL
    your-dev-supabase-anon-key-here → actual dev anon key
    your-dev-supabase-service-role-key → actual dev service role key
    your-dev-password → actual dev database password
  3. Never commit the real files:

    # These are automatically gitignored:
    env.development
    env.production

For Production Deployment:

  1. Vercel Environment Variables:

    • Use values from env.production
    • Set in Vercel Dashboard → Settings → Environment Variables
    • Never store production secrets in git
  2. Required Vercel Variables:

    NODE_ENV=production
    VITE_SUPABASE_URL=...
    VITE_SUPABASE_ANON_KEY=...
    SUPABASE_URL=...
    SUPABASE_SERVICE_ROLE_KEY=...
    SECRET_KEY=...
    JWT_SECRET=...

🛡️ Security Benefits:

  • Team Collaboration: Everyone uses same structure
  • Secret Protection: Real credentials never in git history
  • Easy Setup: Copy examples → replace values
  • Production Safety: Secrets only in deployment platform
  • Audit Trail: Can see what variables are needed without exposing values

⚠️ Important Notes:

  1. Existing git history may contain old secrets - consider rotating them
  2. Never commit files ending in env.development or env.production
  3. Always use .example files for templates
  4. Rotate secrets if they were previously committed

Your environment setup is now secure! 🔐