Skip to main content
YBH Pulse Content uses environment variables for configuration across client-side and server-side components. Variables are split between .env (client-side) and .dev.vars (server-side) for local development.

Client-side variables

Client-side variables use the VITE_ prefix and are bundled into the frontend. Only include non-sensitive values.

Sanity CMS

VITE_SANITY_PROJECT_ID
string
required
Your Sanity project ID. Find this in your Sanity project settings.Example: usl8dp6j
VITE_SANITY_DATASET
string
required
The Sanity dataset to use (typically production or development).Default: production

Brand kit

VITE_BRANDKIT_CTA_URL
string
Public URL for the brand kit CTA button. Should point to Phil’s scheduler (Calendly, Zoom, etc.).Example: https://calendly.com/phil-howard/meeting

Server-side variables

Server-side variables are stored in .dev.vars for local development and configured via Cloudflare Dashboard or wrangler secret for production.

AI providers

GOOGLE_GENERATIVE_AI_API_KEY
string
required
Google Gemini API key for primary agentic AI operations.Get your key: https://aistudio.google.com/apikeyUsed for: PRF generation, metadata extraction, visual suggestions, fact-checking
ANTHROPIC_API_KEY
string
Anthropic Claude API key as fallback when Google key is not set.Format: sk-ant-...
OPENROUTER_API_KEY
string
OpenRouter API key for embedding generation.Format: sk-or-...Used for: Vector embeddings for Pinecone RAG

Image generation

KIEAI_API_KEY
string
required
Kie.ai API key for image generation using Nano Banana Pro.Get your key: Contact Kie.ai supportUsed for: Infographics, quote cards, career timelines, YouTube thumbnails

LinkedIn scraping

RAPIDAPI_KEY
string
required
RapidAPI key for LinkedIn profile scraping.Get your key: https://rapidapi.comUsed for: Guest career history extraction, profile data caching

Knowledge base

PINECONE_API_KEY
string
required
Pinecone API key for vector database operations.Used for: Brand guidelines, infographic design database, writing guidelines
PINECONE_HOST
string
required
Full Pinecone index URL including region.Format: https://your-index-name.svc.region.pinecone.io

Sanity CMS

SANITY_API_TOKEN
string
required
Sanity API token with editor permissions for write access.Permissions: Editor role requiredSecurity: Never expose this client-side. Keep server-side only.

Authentication

JWT_SECRET
string
required
Secret key for JWT token signing. Must be at least 32 characters.Generate with:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
Production setup:
wrangler secret put JWT_SECRET

Email (password reset)

RESEND_API_KEY
string
required
Resend API key for sending password reset emails.Format: re_...Get your key: https://resend.com/api-keys
RESEND_FROM_EMAIL
string
required
Verified sender email address for password reset emails.Format: Pulse Studio <[email protected]>Note: Must be verified in your Resend account
APP_BASE_URL
string
Base URL for the application, used in password reset links.Local: http://localhost:5173Production: https://production.youvebeenheard.com

YBH sales platform integration

YBH_SALES_API_URL
string
URL for YBH Sales Platform API for guest auto-sync.Example: https://api.youvebeenheard.comOptional but recommended
YBH_SALES_API_KEY
string
API key for authenticating with YBH Sales Platform.Must match: WEBHOOK_API_KEY or one of KANBAN_API_KEYS in ybh-sales-platform
YBH_BACKFILL_API_KEY
string
Optional dedicated key to protect /api/ybh/backfill-guests endpoint.Fallback: Uses YBH_SALES_API_KEY if not set

Social scheduling

LATE_API_KEY
string
Late API key for social media scheduling.Used for: LinkedIn, Twitter, Instagram post scheduling

Bot access

PULSE_BOT_API_KEY
string
API key for server-to-server bot authentication.Usage: Include in header X-Pulse-Bot-Api-Key when calling /api/late/* endpointsOptional: Only needed for automated bots

Media processing

ASSEMBLYAI_API_KEY
string
AssemblyAI API key for video transcription.Get your key: https://www.assemblyai.com/dashboardUsed for: /api/media/transcribe endpoint for video-to-text conversion
GOOGLE_DRIVE_SA_KEY
string
Base64-encoded JSON of Google Cloud service account key for Drive access.Get your key: https://console.cloud.google.com/iam-admin/serviceaccountsUsed for: Pulling transcripts from shared Google Drive folderSetup:
wrangler secret put GOOGLE_DRIVE_SA_KEY

Environment setup

Local development

1

Copy example files

cp .env.example .env
cp .dev.vars.example .dev.vars
2

Fill in values

Edit .env and .dev.vars with your API keys and configuration values.
3

Generate JWT secret

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
Add the output to .dev.vars as JWT_SECRET.
4

Start development server

npm run dev

Production deployment

1

Set client-side variables

Configure in Cloudflare Pages project settings under Environment Variables:
  • VITE_SANITY_PROJECT_ID
  • VITE_SANITY_DATASET
  • VITE_BRANDKIT_CTA_URL
2

Set secrets via Wrangler

wrangler secret put JWT_SECRET
wrangler secret put SANITY_API_TOKEN
wrangler secret put KIEAI_API_KEY
wrangler secret put RAPIDAPI_KEY
wrangler secret put PINECONE_API_KEY
wrangler secret put GOOGLE_GENERATIVE_AI_API_KEY
wrangler secret put RESEND_API_KEY
wrangler secret put GOOGLE_DRIVE_SA_KEY
wrangler secret put ASSEMBLYAI_API_KEY
3

Set non-secret environment variables

Configure in Cloudflare Pages project settings:
  • PINECONE_HOST
  • RESEND_FROM_EMAIL
  • APP_BASE_URL
  • YBH_SALES_API_URL (optional)
  • YBH_SALES_API_KEY (optional)
4

Deploy

npm run deploy
Session tokens expire after 24 hours. All team members must sign in with @popularit.net email addresses.

Variable reference by feature

Content generation

  • GOOGLE_GENERATIVE_AI_API_KEY - Primary AI provider
  • ANTHROPIC_API_KEY - Fallback AI provider
  • OPENROUTER_API_KEY - Embeddings for RAG
  • PINECONE_API_KEY - Knowledge base
  • PINECONE_HOST - Vector database connection

Image generation

  • KIEAI_API_KEY - Kie.ai Nano Banana Pro

Guest data

  • RAPIDAPI_KEY - LinkedIn profile scraping
  • SANITY_API_TOKEN - Guest profile storage

Authentication & security

  • JWT_SECRET - Session token signing
  • RESEND_API_KEY - Password reset emails
  • RESEND_FROM_EMAIL - Email sender identity
  • APP_BASE_URL - Reset link generation

Integrations

  • YBH_SALES_API_URL - Sales platform sync
  • YBH_SALES_API_KEY - Sales platform auth
  • LATE_API_KEY - Social media scheduling
  • GOOGLE_DRIVE_SA_KEY - Transcript retrieval
  • ASSEMBLYAI_API_KEY - Video transcription

Security best practices

Never commit .env or .dev.vars files to version control. These files are in .gitignore by default.
  • Use different API keys for development and production environments
  • Rotate JWT secrets periodically
  • Store production secrets only in Cloudflare Dashboard or via wrangler secret
  • Never expose SANITY_API_TOKEN client-side
  • Use verified sender identities for RESEND_FROM_EMAIL
  • Keep YBH_SALES_API_KEY values in sync between platforms

Build docs developers (and LLMs) love

Get started for freeTalk to us