Skip to main content
GatePass uses environment variables to configure payment gateways, blockchain networks, and third-party services. This guide documents all available variables.

Configuration Files

GatePass uses different environment files for different parts of the application:

Root .env

Frontend configuration (Vite)Variables prefixed with VITE_

Server .env

Backend configuration (Express)Standard environment variables

Frontend Variables (Root .env)

These variables are used by the React/Vite frontend application and must be prefixed with VITE_ to be exposed to the client.

Payment Gateway Configuration

VITE_PAYSTACK_PUBLIC_KEY
string
required
Paystack public API key for accepting card payments in Nigeria and Ghana.Format: pk_test_... (test) or pk_live_... (production)Example:
VITE_PAYSTACK_PUBLIC_KEY=pk_test_abc123def456ghi789
Get your Paystack API keys from the Paystack Dashboard.
VITE_FLUTTERWAVE_PUBLIC_KEY
string
required
Flutterwave public API key for accepting payments across Africa.Format: FLWPUBK_TEST-... (test) or FLWPUBK-... (production)Example:
VITE_FLUTTERWAVE_PUBLIC_KEY=FLWPUBK_TEST-1234567890abcdef
Get your Flutterwave API keys from the Flutterwave Dashboard.

Blockchain Configuration

VITE_CHAIN_ID
number
default:"137"
The blockchain network ID for NFT ticketing.Common values:
  • 1 - Ethereum Mainnet
  • 137 - Polygon Mainnet
  • 80001 - Polygon Mumbai Testnet
  • 11155111 - Ethereum Sepolia Testnet
Example:
# Polygon Mainnet
VITE_CHAIN_ID=137

# Polygon Testnet (for development)
VITE_CHAIN_ID=80001
VITE_RPC_URL
string
required
The RPC endpoint URL for blockchain interactions.Example:
# Polygon Mainnet
VITE_RPC_URL=https://polygon-rpc.com

# Polygon Mumbai Testnet
VITE_RPC_URL=https://rpc-mumbai.maticvigil.com

# Alchemy (recommended)
VITE_RPC_URL=https://polygon-mainnet.g.alchemy.com/v2/YOUR_API_KEY

# Infura
VITE_RPC_URL=https://polygon-mainnet.infura.io/v3/YOUR_API_KEY
Use a reliable RPC provider like Alchemy or Infura for production.

Analytics

VITE_ANALYTICS_ID
string
Analytics service identifier (Google Analytics, Mixpanel, etc.).Example:
VITE_ANALYTICS_ID=G-XXXXXXXXXX

Backend Variables (Server .env)

The backend .env file should be located at src/packages/server/.env (if needed). Currently, the application uses the Supabase configuration wired in the codebase.

Database

DATABASE_URL
string
required
PostgreSQL connection string for production. SQLite is used by default in development.Format: postgresql://USER:PASSWORD@HOST:PORT/DATABASE?schema=SCHEMAExample:
# Local PostgreSQL
DATABASE_URL="postgresql://postgres:password@localhost:5432/gatepass?schema=public"

# Hosted (Supabase, Railway, etc.)
DATABASE_URL="postgresql://user:[email protected]:5432/gatepass"
The database URL is read by Prisma from this variable in schema.prisma:11.

Authentication

JWT_SECRET
string
required
Secret key for signing JWT tokens.Example:
JWT_SECRET=your-super-secret-jwt-key-min-32-chars
Use a strong, random string for production. Generate one with:
openssl rand -base64 32
JWT_EXPIRES_IN
string
default:"7d"
JWT token expiration time.Example:
JWT_EXPIRES_IN=7d      # 7 days
JWT_EXPIRES_IN=24h     # 24 hours
JWT_EXPIRES_IN=30m     # 30 minutes

OAuth Configuration

GOOGLE_CLIENT_ID
string
Google OAuth 2.0 client ID for “Sign in with Google”.Example:
GOOGLE_CLIENT_ID=123456789-abc123def456.apps.googleusercontent.com
Get credentials from Google Cloud Console.
GOOGLE_CLIENT_SECRET
string
Google OAuth 2.0 client secret.Example:
GOOGLE_CLIENT_SECRET=GOCSPX-abc123def456ghi789
TWITTER_API_KEY
string
Twitter OAuth 1.0a API key for “Sign in with Twitter”.
TWITTER_API_SECRET
string
Twitter OAuth 1.0a API secret.

Email Service

SMTP_HOST
string
SMTP server hostname for sending emails.Example:
SMTP_HOST=smtp.gmail.com
SMTP_PORT
number
default:"587"
SMTP server port.
SMTP_USER
string
SMTP authentication username.
SMTP_PASSWORD
string
SMTP authentication password.
FROM_EMAIL
string
Sender email address for outgoing emails.Example:
FROM_EMAIL=[email protected]

Server Configuration

PORT
number
default:"8000"
Port for the Express server.Example:
PORT=8000
NODE_ENV
string
default:"development"
Node environment mode.Values: development, production, testExample:
NODE_ENV=production
CORS_ORIGIN
string
Allowed CORS origins (comma-separated).Example:
CORS_ORIGIN=http://localhost:5173,https://gatepass.com

Example Configuration Files

Development Environment

# Payment Gateways (Test Mode)
VITE_PAYSTACK_PUBLIC_KEY=pk_test_your_test_key
VITE_FLUTTERWAVE_PUBLIC_KEY=FLWPUBK_TEST-your_test_key

# Blockchain (Polygon Mumbai Testnet)
VITE_CHAIN_ID=80001
VITE_RPC_URL=https://rpc-mumbai.maticvigil.com

# Analytics (Optional)
VITE_ANALYTICS_ID=

Production Environment

# Payment Gateways (Live Mode)
VITE_PAYSTACK_PUBLIC_KEY=pk_live_your_live_key
VITE_FLUTTERWAVE_PUBLIC_KEY=FLWPUBK-your_live_key

# Blockchain (Polygon Mainnet)
VITE_CHAIN_ID=137
VITE_RPC_URL=https://polygon-mainnet.g.alchemy.com/v2/YOUR_API_KEY

# Analytics
VITE_ANALYTICS_ID=G-XXXXXXXXXX

Variable Precedence

1

System Environment

Variables set in your system environment take highest precedence.
2

.env File

Variables in .env are loaded if not already set.
3

Default Values

Hardcoded defaults in the application code.

Security Best Practices

Never commit sensitive credentials to version control!

Use .env Files

Keep credentials in .env files that are in .gitignore

Rotate Keys

Regularly rotate API keys and secrets

Separate Environments

Use different keys for dev, staging, and production

Strong Secrets

Generate strong random strings for JWT secrets

Generating Secure Secrets

# Generate a secure JWT secret
openssl rand -base64 32

# Generate a random hex string
openssl rand -hex 32

# Using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

Environment Variable Validation

The application validates required environment variables on startup. If required variables are missing, the server will fail to start with an error message.
Pro tip: Create a .env.local file for local overrides that shouldn’t be committed. Add it to .gitignore.

Troubleshooting

Frontend (Vite):
  • Ensure variables are prefixed with VITE_
  • Restart the dev server after changing .env
  • Clear cache: rm -rf node_modules/.vite
Backend (Node.js):
  • Check the .env file location
  • Verify you’re using dotenv or similar
  • Restart the server
  • Verify API keys are for the correct environment (test vs live)
  • Check that keys haven’t expired
  • Ensure keys have the correct permissions
  • Look for typos in variable names
  • Verify the RPC URL is accessible
  • Check that VITE_CHAIN_ID matches the network
  • Try a different RPC provider
  • Ensure you have API credits (Alchemy, Infura)

Next Steps

Local Setup

Set up your development environment

Database Schema

Learn about the data models

Build docs developers (and LLMs) love

Get started for freeTalk to us