Production environment
Set these in your hosting provider. Values marked required must be present for core functionality.
Core (required)
| Variable | Notes |
|---|---|
| DATABASE_URL | Production Postgres connection string |
| AUTH_SECRET | Long random string — rotate if compromised |
| AUTH_TRUST_HOST | true on Vercel |
| NEXT_PUBLIC_SITE_URL | Canonical site URL, e.g. https://thehclab.com |

Auth & admin seeding
| Variable | Notes |
|---|---|
| ADMIN_PASSWORD | Used when running db:seed for initial admin |
| RESEARCHER_PASSWORD | Optional; defaults to admin password |

Email
| Variable | Notes |
|---|---|
| RESEND_API_KEY | Transactional email |
| EMAIL_FROM | Sender, e.g. `THE HCLAB <noreply@yourdomain.com>` |

Without Resend, password resets log to server output (not suitable for production).
Newsletter
| Variable | Notes |
|---|---|
| MAILCHIMP_API_KEY | Marketing API key |
| MAILCHIMP_AUDIENCE_ID | Audience / list ID |
| MAILCHIMP_DOUBLE_OPT_IN | "true" when enabled in Mailchimp |

Without Mailchimp, subscribers are stored in Postgres only.
Stripe
| Variable | Notes |
|---|---|
| STRIPE_SECRET_KEY | Server-side API key |
| NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY | Client-side key |
| STRIPE_WEBHOOK_SECRET | Webhook signing secret |

Point the Stripe webhook to https://your-domain.com/api/stripe/webhook.
Research (optional)
| Variable | Notes |
|---|---|
| OPENAI_API_KEY | AI-assisted study tasks |
| OPENAI_MODEL | Default gpt-4o-mini |
| RESEARCH_ADMIN_EMAIL | Enrollment notification recipient |
| CRON_SECRET | Bearer token for cron routes |
| EVENT_QUEUE_DISABLED | "true" for synchronous event processing (debug) |
| EXPORT_S3_* | S3-compatible storage for large exports |

Maintenance
| Variable | Notes |
|---|---|
| MAINTENANCE_MODE | "true" to show maintenance page |
| MAINTENANCE_MESSAGE | Custom message (optional) |
| MAINTENANCE_BYPASS_SECRET | Query param + cookie bypass for staff preview |

See Usage & configuration → Maintenance mode for behavior details.
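
A pre-deploy audit of the variables listed on this page, as an added example that is not part of the project's code. The function name `auditEnv`, the 32-character minimum and the rule that a Stripe secret key needs a webhook secret alongside it are assumptions; the `sk_`, `rk_` and `whsec_` prefixes are Stripe's own conventions for server-side credentials.

```javascript
// Added example, not the project's code. Thresholds and messages are assumptions.
const REQUIRED = ["DATABASE_URL", "AUTH_SECRET", "AUTH_TRUST_HOST", "NEXT_PUBLIC_SITE_URL"];
const SECRETS = ["AUTH_SECRET", "CRON_SECRET", "MAINTENANCE_BYPASS_SECRET"];
const MIN_SECRET_LENGTH = 32; // assumed floor for a "long random string"
// Stripe prefixes for secret keys, restricted keys and webhook signing secrets.
const SERVER_ONLY_PREFIXES = ["sk_", "rk_", "whsec_"];

function auditEnv(env) {
  const errors = [];
  const warnings = [];
  const isSet = (name) => typeof env[name] === "string" && env[name].trim() !== "";

  for (const name of REQUIRED) {
    if (!isSet(name)) errors.push(`${name} is required`);
  }
  for (const name of SECRETS) {
    if (isSet(name) && env[name].length < MIN_SECRET_LENGTH) {
      errors.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  // Next.js inlines NEXT_PUBLIC_* values into the browser bundle, so a
  // server-side credential stored under such a name is published.
  for (const [name, value] of Object.entries(env)) {
    const leaked = SERVER_ONLY_PREFIXES.some((p) => String(value).startsWith(p));
    if (name.startsWith("NEXT_PUBLIC_") && leaked) {
      errors.push(`${name} holds a server-side Stripe credential`);
    }
  }
  if (isSet("STRIPE_SECRET_KEY") && !isSet("STRIPE_WEBHOOK_SECRET")) {
    errors.push("STRIPE_WEBHOOK_SECRET is needed to verify webhook signatures");
  }
  if (!isSet("RESEND_API_KEY")) {
    warnings.push("RESEND_API_KEY unset: password resets are logged to server output");
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample: placeholder values, secret-style key under a NEXT_PUBLIC_ name.
const sample = {
  DATABASE_URL: "postgres://app:placeholder@db.example.invalid/app",
  AUTH_SECRET: "a".repeat(48),
  AUTH_TRUST_HOST: "true",
  NEXT_PUBLIC_SITE_URL: "https://example.invalid",
  STRIPE_SECRET_KEY: "sk_test_placeholder",
  NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "sk_test_placeholder",
};
console.log(auditEnv(sample));
```

Run it against `process.env` in a build or release step and fail the deploy when `ok` is false.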