Skip to content

Docs

Environment and Configuration

A purpose-only reference to every Seedly Communities setting - what each value is for, where it goes, and which ones are required to run.

Last updated

Every operator-facing setting a live instance cares about, grouped by area. This page explains what each value is for, never the value itself. The example environment file in your download lists the same names with blanks to fill in, and it is generated from the platform's own manifest so it always matches your version.

There are three kinds of value.

  • generated - the platform's own secrets, minted for you by npx pnpm run gen:secrets
  • provider - a key or token you get from a third party (Stripe, your email provider, Daily.co, Vercel, and so on)
  • config - a plain value you choose, like your domain

Where they go. A value lives on the half of the platform that reads it. Some go in your local environment file, some go on the backend deployment (set with npx convex env set for development and npx convex env set --prod for production), and some go on the web app project in Vercel. Several go in more than one place, and each entry below says where. In a local run most optional values are unset and the platform falls back to safe behavior.

The authoritative check is the doctor. Run npx pnpm run setup:check for a local instance, or npx pnpm run setup:check -- --target=prod for a live one, and it names exactly what is missing. Keep every secret in a password manager and never commit one to Git.


Backend Connection#

Wires the running app to the Convex Cloud backend.

NameKindRequiredPurpose
CONVEX_DEPLOYMENTconfigyesAnchors the command line tool to your project so deploy commands target the right backend. Set locally
NEXT_PUBLIC_CONVEX_URLconfigyesThe backend URL the running app connects to. Development URL locally, production URL on Vercel
NEXT_PUBLIC_CONVEX_SITE_URLconfigyesThe browser-readable backend site origin used by the custom-domain redirect and server auth helpers

App#

Tells the platform where it lives.

NameKindRequiredPurpose
SITE_URLconfigyesThe app's public origin. Sign-in cookies, email links, and redirect safety all key off it, so it must match your real domain in production. The single most important "where am I" value
NEXT_PUBLIC_SITE_URLconfignoA browser-readable fallback read only by the in-app custom-domain admin page. Setting SITE_URL alone is enough for normal use
COMMUNITY_NAMEconfignoA legacy fallback for the community name. The live name comes from the admin Settings page, so this is safe to leave unset

Auth and Secrets#

Signs sessions and protects abuse controls. These are per-environment. Never share one value between development and production, and do not rotate them on a live deployment or existing signed and protected data stops matching.

NameKindRequiredPurpose
BETTER_AUTH_SECRETgeneratedyesSigns sign-in sessions and tokens. Lives on the backend deployment. Distinct per environment
ENCRYPTION_KEYgeneratedyesProtects the identifiers behind abuse detection and rate limiting. Read by both halves, so it goes on the backend, on Vercel, and in your local file, sharing one value within each environment. Distinct per environment
GOOGLE_CLIENT_IDprovidernoThe Google sign-in client id. Unset means Google sign-in is simply off
GOOGLE_CLIENT_SECRETprovidernoThe Google sign-in client secret, paired with the id above

Email#

Delivers sign-in, notifications, and digests. See Email and Deliverability for the full walkthrough. These read on the backend.

NameKindRequiredPurpose
EMAIL_PROVIDERconfigyesChooses your email provider. Pick one and set its key below
EMAIL_FROMconfigyesThe From address for all outbound email. Must be a verified sender at your provider. If unset, verification and password-reset emails fail closed rather than send from a bogus address
SENDGRID_API_KEYproviderwhen selectedTransport key, required when your provider is SendGrid (the default)
POSTMARK_SERVER_TOKENproviderwhen selectedTransport token, required when your provider is Postmark
EMAIL_PROVIDER_TRANSACTIONALconfignoAn optional separate provider for auth emails, on a dedicated sending stream for better inbox placement. Falls back to EMAIL_PROVIDER when unset
SENDGRID_API_KEY_TRANSACTIONALprovidernoA dedicated SendGrid key for the separate auth-email stream
POSTMARK_SERVER_TOKEN_TRANSACTIONALprovidernoA dedicated Postmark token for the separate auth-email stream

Payments (Stripe)#

Runs paid tiers, courses, and coaching through your own Stripe account. Required only if you sell access. See Payments and Stripe Setup. These read on the backend.

NameKindRequiredPurpose
STRIPE_SECRET_KEYproviderfor paidYour Stripe API key. Use the test key on the development backend and the live key on production. Never mix the two
STRIPE_WEBHOOK_SECRETproviderfor paidVerifies that payment webhook events genuinely came from Stripe. Each endpoint, test and live, has its own value, so match it to the environment

Live Video (Daily.co)#

Powers live events, meetings, and recordings through a third-party real-time video provider. Optional. Unset means the live streaming module stays inactive. See Live Video Setup. These read on the backend.

NameKindRequiredPurpose
DAILY_API_KEYproviderfor liveYour Daily.co API key. Unset means live events are off
DAILY_WEBHOOK_SECRETgeneratednoVerifies the recording-ready callbacks from Daily.co. Register the same value on the Daily.co webhook. Distinct per environment

Recording Storage (Vercel Blob)#

Where finished live-event recordings are kept for durable playback.

NameKindRequiredPurpose
BLOB_READ_WRITE_TOKENprovidernoThe storage token for permanent recording files. Vercel sets it on the web app project automatically, but you must copy it to the production backend by hand or recordings fall back to expiring links

AI (Optional)#

Powers the optional AI helpers. Both are off when unset.

NameKindRequiredPurpose
ANTHROPIC_API_KEYprovidernoEnables the AI assistant and content summaries
OPENAI_API_KEYprovidernoEnables semantic search and knowledge-base embeddings

Custom Domains (Optional)#

Powers the in-app admin page that attaches your own domain. Skip these and you can still attach a domain the normal way in the Vercel dashboard.

NameKindRequiredPurpose
VERCEL_TOKENprovidernoThe Vercel API token the in-app custom-domain page uses
VERCEL_PROJECT_IDconfignoThe Vercel project the custom-domain page manages
VERCEL_TEAM_IDconfignoYour Vercel team, if you use one. Skip on a personal account

Mobile and Build#

NameKindRequiredPurpose
NEXT_PUBLIC_NATIVE_CALLS_ENABLEDconfignoActivates the native call client in a Capacitor app-shell build. Web builds ignore it. Only relevant if you opt in to the native call package
ENABLE_EXPERIMENTAL_COREPACKconfigyes (Vercel)Lets the package manager run during Vercel builds. Set it on the web app project

Next Steps#

Was this page helpful?