Environment Variables
All variables are validated at startup via Zod in packages/config. The app refuses to boot if required variables are missing or invalid.
Required (all apps)
| Variable | Description |
|---|---|
DATABASE_URL | PostgreSQL connection string |
REDIS_URL | Redis connection string (used by BullMQ) |
JWT_SECRET | Secret for signing JWTs — minimum 32 characters |
NODE_ENV | development, test, or production |
media-api
| Variable | Description |
|---|---|
R2_ACCOUNT_ID | Cloudflare account ID |
R2_ACCESS_KEY_ID | R2 API token access key |
R2_SECRET_ACCESS_KEY | R2 API token secret key |
R2_BUCKET_NAME | R2 bucket name |
R2_PUBLIC_URL | R2 bucket endpoint URL |
RETINA_SERVICE_URL | URL of the Retina face clustering service (Google Cloud Run) |
RETINA_API_KEY | API key sent as x-api-key header to the Retina service |
MAIN_WEB_URL | Public-facing URL of main-web — used by the notify_user_invited worker to build invite links (e.g. https://app.example.com). Optional; invite emails fall back to a relative path if unset. |
All media-api variables are optional — workers skip gracefully when not configured. This allows the API to start in dev without cloud credentials.
main-api
| Variable | Description |
|---|---|
STRIPE_SECRET_KEY | Stripe secret key (sk_live_... or sk_test_...) |
STRIPE_WEBHOOK_SECRET | Stripe webhook signing secret (whsec_...) |
RESEND_API_KEY | Resend API key for transactional email |
RESEND_FROM_EMAIL | Override sender address (optional). Useful for staging without a verified domain — e.g. onboarding@resend.dev. Defaults to no-reply@wairo.app. |
Docker Compose (backoffice-web)
| Variable | Description |
|---|---|
BACKOFFICE_API_URL | Internal URL to backoffice-api (e.g. http://backoffice-api:3001) |
MEDIA_API_URL | Internal URL to media-api (e.g. http://media-api:3003) |
NEXT_PUBLIC_MAIN_WEB_URL | Public-facing URL of main-web — used to build shareable customer join links (e.g. https://app.example.com). Must be set at build time. |
NEXT_PUBLIC_GOOGLE_PLACES_API_KEY | Google Maps Platform API key. Enables location autocomplete (Places API New) and timezone auto-detection (Time Zone API) in the project create/edit forms. Must be set at build time (client-side). See External Services for setup details. |
Docker Compose (main-web)
| Variable | Description |
|---|---|
MAIN_API_URL | Internal URL to main-api (e.g. http://main-api:3002) |
MEDIA_API_URL | Internal URL to media-api (e.g. http://media-api:3003) |
NEXT_PUBLIC_BACKOFFICE_URL | Public-facing URL of backoffice-web — used on the landing page for operator sign-up / login links. Must be set at build time. |
Notes
- Never read
process.envdirectly in app code — always importenvfrom@repo/config - Never commit
.envfiles — only.env.examplefiles belong in the repo - Empty string values are treated as
undefined(handled by Zodpreprocess)