# ===================================== # SUPABASE CONFIGURATION # ===================================== # Get these from your Supabase project dashboard at https://supabase.com/dashboard # Project Settings > API # Your Supabase project URL (format: https://[project-ref].supabase.co) NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co # Supabase anonymous key (safe to expose in browser, used for client-side operations) NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key_here # Supabase service role key (SECRET - bypasses RLS, use only server-side) SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key_here SUPABASE_SERVICE_KEY=your_supabase_service_role_key_here # Direct database connection string (session mode for DDL operations) # Format: postgresql://postgres.[project-ref]:[password]@aws-0-ap-southeast-2.pooler.supabase.com:5432/postgres DATABASE_URL=postgresql://postgres.your-project-ref:your_db_password@aws-0-region.pooler.supabase.com:5432/postgres # ===================================== # ABN LOOKUP # ===================================== # Australian Business Register GUID for ABN validation # Register at: https://abr.business.gov.au/Tools/WebServices ABR_GUID=your_abr_guid_here # ===================================== # EMAIL # ===================================== # Resend API key for transactional emails # Get your API key from: https://resend.com/api-keys RESEND_API_KEY=re_your_resend_api_key_here # Email sender configuration MAIL_FROM_NAME=RateRight MAIL_FROM_EMAIL=no-reply@yourdomain.com.au # ===================================== # AI / OPENAI # ===================================== # OpenAI API key for AI features (profile builder, job suggestions, matching) # Get your API key from: https://platform.openai.com/api-keys OPENAI_API_KEY=sk-proj-your_openai_api_key_here # ===================================== # STRIPE PAYMENTS # ===================================== # Stripe API keys for payment processing ($50 flat fee per hire) # Get your keys from: https://dashboard.stripe.com/apikeys # Use test keys (sk_test_...) for development, live keys (sk_live_...) for production # Server-side secret key (SECRET - never expose to client) STRIPE_SECRET_KEY=sk_live_your_stripe_secret_key_here # Client-side publishable key (safe to expose) STRIPE_PUBLISHABLE_KEY=pk_live_your_stripe_publishable_key_here NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_your_stripe_publishable_key_here # Stripe webhook secret for verifying webhook signatures # Get from: https://dashboard.stripe.com/webhooks STRIPE_WEBHOOK_SECRET=whsec_your_stripe_webhook_secret_here # ===================================== # APPLICATION URLS # ===================================== # Base URL of your application (used for redirects, webhooks, etc.) NEXT_PUBLIC_APP_URL=https://yourdomain.com.au # NextAuth configuration NEXTAUTH_SECRET=your_nextauth_secret_here NEXTAUTH_URL=https://yourdomain.com.au # ===================================== # SECURITY # ===================================== # Application secret key for encryption/signing SECRET_KEY=your_random_secret_key_here # Admin API key for protected admin endpoints ADMIN_API_KEY=your_admin_api_key_here # ===================================== # CLOUDINARY (IMAGE HOSTING) # ===================================== # Cloudinary credentials for image uploads and hosting # Get from: https://console.cloudinary.com/ CLOUDINARY_CLOUD_NAME=your_cloudinary_cloud_name CLOUDINARY_API_KEY=your_cloudinary_api_key CLOUDINARY_API_SECRET=your_cloudinary_api_secret # ===================================== # TWILIO (SMS/VOICE) # ===================================== # Twilio credentials for SMS notifications and phone verification # Get from: https://console.twilio.com/ TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx TWILIO_AUTH_TOKEN=your_twilio_auth_token_here TWILIO_MESSAGING_SERVICE_SID=MGxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx TWILIO_PHONE_NUMBER=+61400000000 # ===================================== # GOOGLE SCRIPTS # ===================================== # Google Apps Script webhook URLs for integrations GOOGLE_SCRIPT_URL=https://script.google.com/macros/s/your_script_id/exec GSCRIPT_URL=https://script.google.com/macros/s/your_script_id/exec # ===================================== # SLACK NOTIFICATIONS # ===================================== # Slack webhook URLs for internal notifications # Create webhooks at: https://api.slack.com/messaging/webhooks SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL BUG_REPORT_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL # ===================================== # LEGACY / V1 MIGRATION # ===================================== # Original Fly.io database connection (only needed during migration) FLY_DATABASE_URL=postgresql://user:password@host:5432/database # ===================================== # REDIS (RATE LIMITING) # ===================================== # Upstash Redis for distributed rate limiting in production # Get credentials from: https://console.upstash.com/ # # Option 1 (preferred): Upstash REST API credentials UPSTASH_REDIS_REST_URL=https://your-redis-host.upstash.io UPSTASH_REDIS_REST_TOKEN=your_upstash_rest_token_here # # Option 2 (legacy): Standard Redis URI — auto-converted to REST format LIMITER_STORAGE_URI=redis://default:your_redis_password@your-redis-host.upstash.io:6379 # ===================================== # FEATURE FLAGS # ===================================== # Enable/disable payment processing FEATURES_PAYMENTS=true # Set to "True" to use Stripe test mode (test keys), "False" for live mode STRIPE_TEST_MODE=False