Environment Variables

Complete reference for all environment variables used across the UniPulse platform.

API Backend (`apps/api/.env`)

Core

Variable	Required	Default	Description
`DATABASE_URL`	Yes	-	PostgreSQL connection string (`postgresql://user:pass@host:5432/db`)
`REDIS_URL`	Yes	-	Redis connection string (`redis://localhost:6379`)
`JWT_SECRET`	Yes	-	Secret for signing JWT access tokens (min 32 chars)
`JWT_REFRESH_SECRET`	Yes	-	Secret for signing JWT refresh tokens (min 32 chars)
`ENCRYPTION_KEY`	Yes	-	AES-256 encryption key for social tokens (64 hex characters)
`PORT`	No	`3000`	API server port
`NODE_ENV`	No	`development`	Environment (`development`, `production`)
`FRONTEND_URL`	Yes	-	Frontend URL for CORS and email links (`http://localhost:5173`)

ENCRYPTION_KEY Format

The ENCRYPTION_KEY must be exactly 64 hexadecimal characters (representing 32 bytes for AES-256). Generate one with:

openssl rand -hex 32

AI

Variable	Required	Default	Description
`GEMINI_API_KEY`	For AI features	-	Google Gemini API key from ai.google.dev

Variable	Required	Description
`FACEBOOK_APP_ID`	For Facebook/Instagram	Facebook app ID
`FACEBOOK_APP_SECRET`	For Facebook/Instagram	Facebook app secret
`INSTAGRAM_CALLBACK_URL`	For Instagram	Instagram OAuth callback URL
`TIKTOK_CLIENT_KEY`	For TikTok	TikTok app client key
`TIKTOK_CLIENT_SECRET`	For TikTok	TikTok app client secret

Variable	Required	Description
`GOOGLE_CLIENT_ID`	For Google login	Google OAuth 2.0 client ID
`MICROSOFT_CLIENT_ID`	For Microsoft login	Microsoft (Azure AD) client ID
`MICROSOFT_TENANT_ID`	For Microsoft login	Microsoft tenant ID

Payments

Variable	Required	Description
`STRIPE_SECRET_KEY`	For Stripe payments	Stripe API secret key
`STRIPE_WEBHOOK_SECRET`	For Stripe webhooks	Stripe webhook signing secret
`PAYMOB_API_KEY`	For Paymob payments	Paymob API key

AWS (Media Storage)

Variable	Required	Description
`AWS_S3_BUCKET`	For media uploads	S3 bucket name
`AWS_S3_REGION`	For media uploads	S3 region (e.g., `us-east-1`)
`AWS_ACCESS_KEY_ID`	For media uploads	AWS access key
`AWS_SECRET_ACCESS_KEY`	For media uploads	AWS secret key

Email (SMTP)

Variable	Required	Description
`SMTP_HOST`	For emails	SMTP server hostname
`SMTP_PORT`	For emails	SMTP port (587 for TLS, 465 for SSL)
`SMTP_USER`	For emails	SMTP username
`SMTP_PASS`	For emails	SMTP password
`SMTP_FROM`	For emails	Sender email address

Web Frontend (`apps/web/.env`)

Variable	Required	Default	Description
`VITE_API_URL`	Yes	`http://localhost:3000`	Backend API base URL

Frontend Environment Variables

Only variables prefixed with VITE_ are included in the client bundle. Never put secrets in frontend env variables -- they are visible in the browser.

Control Center (`UniPulse-Control-Center/apps/server/.env`)

Variable	Required	Description
`JWT_SECRET`	Yes	JWT signing secret (separate from Pulse)
`JWT_REFRESH_SECRET`	Yes	Refresh token secret
`GOOGLE_CLIENT_ID`	Yes	Google OAuth client ID (for admin login)
`GOOGLE_CLIENT_SECRET`	Yes	Google OAuth client secret
`GITHUB_TOKEN`	For CI/CD monitoring	GitHub personal access token
`ALLOWED_EMAILS`	Yes	Comma-separated whitelist of authorized emails
`PORT`	No	`3001`
`DATABASE_URL`	No	`file:./dev.db`

Docker Dev Environment

Default values for docker-compose.yml:

Variable	Default	Description
`POSTGRES_USER`	`postgres`	PostgreSQL username
`POSTGRES_PASSWORD`	`postgres`	PostgreSQL password
`POSTGRES_DB`	`unipulse`	Database name

The resulting DATABASE_URL for local development:

DATABASE_URL=postgresql://postgres:postgres@localhost:5432/unipulse

Docker Prod Environment

Production environment variables are typically set via:

.env file in the project root (loaded by Docker Compose)
Docker secrets for sensitive values
Environment-specific deployment configuration

Example `.env` File

# === CORE ===
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/unipulse
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-jwt-secret-min-32-characters-long
JWT_REFRESH_SECRET=your-refresh-secret-min-32-characters-long
ENCRYPTION_KEY=a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
PORT=3000
NODE_ENV=development
FRONTEND_URL=http://localhost:5173

# === AI ===
GEMINI_API_KEY=your-gemini-api-key

# === SOCIAL PLATFORMS ===
FACEBOOK_APP_ID=your-facebook-app-id
FACEBOOK_APP_SECRET=your-facebook-app-secret
INSTAGRAM_CALLBACK_URL=http://localhost:3000/api/v1/auth/oauth/instagram/callback
TIKTOK_CLIENT_KEY=your-tiktok-client-key
TIKTOK_CLIENT_SECRET=your-tiktok-client-secret

# === OAUTH (User Login) ===
GOOGLE_CLIENT_ID=your-google-client-id
MICROSOFT_CLIENT_ID=your-microsoft-client-id
MICROSOFT_TENANT_ID=your-microsoft-tenant-id

# === PAYMENTS ===
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...

# === AWS S3 ===
AWS_S3_BUCKET=unipulse-media
AWS_S3_REGION=us-east-1
AWS_ACCESS_KEY_ID=AKIA...
AWS_SECRET_ACCESS_KEY=...

# === EMAIL ===
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=noreply@example.com
SMTP_PASS=your-app-password
SMTP_FROM=UniPulse <noreply@example.com>

Security Checklist

Practice	Status
Never commit `.env` files	`.gitignore` includes `.env*`
Use separate secrets per environment	Different JWT secrets for dev/staging/prod
Rotate `ENCRYPTION_KEY` with key migration	Plan for encrypted data re-encryption
Use strong JWT secrets	Minimum 32 characters, cryptographically random
Restrict Gemini API key	Set API restrictions in Google Cloud Console
Use Stripe test keys in development	`sk_test_` for dev, `sk_live_` for prod

Cross-Reference

Backend Local Setup -- env setup during development
Docker -- Docker Compose env configuration
Deployment -- production env management
Auth Flow -- JWT and encryption details
Control Center Setup -- Control Center env setup

API Backend (apps/api/.env)​

Core​

AI​

Social Platforms​

OAuth Providers (User Login)​

Payments​

AWS (Media Storage)​

Email (SMTP)​

Web Frontend (apps/web/.env)​

Control Center (UniPulse-Control-Center/apps/server/.env)​

Docker Dev Environment​

Docker Prod Environment​

Example .env File​

Security Checklist​