Environment Variables

All variables are validated at startup via Zod in packages/config. The app refuses to boot if required variables are missing or invalid.

Required (all apps)

Variable	Description
`DATABASE_URL`	PostgreSQL connection string
`REDIS_URL`	Redis connection string (used by BullMQ)
`JWT_SECRET`	Secret for signing JWTs — minimum 32 characters
`NODE_ENV`	`development`, `test`, or `production`

Variable	Description
`R2_ACCOUNT_ID`	Cloudflare account ID
`R2_ACCESS_KEY_ID`	R2 API token access key
`R2_SECRET_ACCESS_KEY`	R2 API token secret key
`R2_BUCKET_NAME`	R2 bucket name
`R2_PUBLIC_URL`	R2 bucket endpoint URL
`AWS_REKOGNITION_REGION`	AWS region for Rekognition (e.g. `us-east-1`)
`AWS_REKOGNITION_COLLECTION_PREFIX`	Prefix for Rekognition collection IDs (e.g. `acme-photo`)

All media-api variables are optional — workers skip gracefully when not configured. This allows the API to start in dev without cloud credentials.

Variable	Description
`STRIPE_SECRET_KEY`	Stripe secret key (`sk_live_...` or `sk_test_...`)
`STRIPE_WEBHOOK_SECRET`	Stripe webhook signing secret (`whsec_...`)
`RESEND_API_KEY`	Resend API key for transactional email

Variable	Description
`BACKOFFICE_API_URL`	Internal URL to backoffice-api (e.g. `http://backoffice-api:3001`)
`MEDIA_API_URL`	Internal URL to media-api (e.g. `http://media-api:3003`)

Variable	Description
`MAIN_API_URL`	Internal URL to main-api (e.g. `http://main-api:3002`)
`MEDIA_API_URL`	Internal URL to media-api (e.g. `http://media-api:3003`)

Never read process.env directly in app code — always import env from @repo/config
Never commit .env files — only .env.example files belong in the repo
Empty string values are treated as undefined (handled by Zod preprocess)