Justina uses environment variables for configuration across all services. This guide documents all available environment variables for the Backend, Frontend, and AI Service.
Backend Environment Variables
Required Variables
These variables must be set for the backend to function properly.
| Variable | Description | Required | Default |
|---|
JWT_SECRET_KEY | Secret key for signing JWT tokens | Yes | None |
PORT | Server port | No | 8080 |
Database Configuration
Development (H2 Database)
For local development, the backend uses H2 in-memory database by default:
SPRING_DATASOURCE_URL=jdbc:h2:mem:justina
SPRING_DATASOURCE_USERNAME=sa
SPRING_DATASOURCE_PASSWORD=
SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.h2.Driver
SPRING_JPA_HIBERNATE_DDL_AUTO=create-drop
SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT=org.hibernate.dialect.H2Dialect
H2 database is only suitable for development. All data is lost when the application restarts.
Production (PostgreSQL)
For production deployments, configure PostgreSQL:
SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/justina
SPRING_DATASOURCE_USERNAME=your_username
SPRING_DATASOURCE_PASSWORD=your_password
SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.postgresql.Driver
SPRING_JPA_HIBERNATE_DDL_AUTO=update
SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT=org.hibernate.dialect.PostgreSQLDialect
Database Variables Reference
| Variable | Description | Default |
|---|
SPRING_DATASOURCE_URL | JDBC connection URL | jdbc:h2:mem:justina |
SPRING_DATASOURCE_USERNAME | Database username | sa |
SPRING_DATASOURCE_PASSWORD | Database password | Empty string |
SPRING_DATASOURCE_DRIVER_CLASS_NAME | JDBC driver class | org.h2.Driver |
SPRING_JPA_HIBERNATE_DDL_AUTO | Schema generation strategy | create-drop |
SPRING_JPA_SHOW_SQL | Show SQL queries in logs | false |
SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT | Hibernate SQL dialect | org.hibernate.dialect.H2Dialect |
Optional Backend Variables
| Variable | Description | Default |
|---|
SPRING_JPA_SHOW_SQL | Log SQL queries | false |
Frontend Environment Variables
The Next.js frontend uses environment variables for API configuration.
Required Variables
NEXT_PUBLIC_API_URL=http://localhost:8080
NEXT_PUBLIC_WS_URL=ws://localhost:8080
| Variable | Description | Required | Default |
|---|
NEXT_PUBLIC_API_URL | Backend REST API base URL | Yes | http://localhost:8080 |
NEXT_PUBLIC_WS_URL | WebSocket server URL | Yes | ws://localhost:8080 |
Variables prefixed with NEXT_PUBLIC_ are exposed to the browser. Never use this prefix for secrets.
Build Variables
| Variable | Description | Default |
|---|
PORT | Development server port | 3000 |
NODE_ENV | Environment mode | development |
AI Service Environment Variables
The Python AI service requires configuration for backend connectivity and authentication.
Required Variables
BACKEND_URL=http://localhost:8080
IA_USERNAME=ia_justina
IA_PASSWORD=ia_secret_2024
| Variable | Description | Required | Default |
|---|
BACKEND_URL | Backend API base URL | Yes | http://localhost:8080 |
IA_USERNAME | AI service username | Yes | ia_justina |
IA_PASSWORD | AI service password | Yes | ia_secret_2024 |
Change the default IA_PASSWORD in production environments!
Optional AI Variables
| Variable | Description | Default |
|---|
REQUEST_TIMEOUT | HTTP request timeout (seconds) | 10 |
RETRY_ATTEMPTS | Number of retry attempts | 3 |
PORT | Health check server port | 8000 |
Configuration Examples
Example .env File Structure
# Backend
JWT_SECRET_KEY=dev-secret-key-change-in-production
PORT=8080
SPRING_DATASOURCE_URL=jdbc:h2:mem:justina
SPRING_DATASOURCE_USERNAME=sa
SPRING_DATASOURCE_PASSWORD=
SPRING_JPA_SHOW_SQL=true
# Frontend
NEXT_PUBLIC_API_URL=http://localhost:8080
# AI Service
BACKEND_URL=http://localhost:8080
IA_USERNAME=ia_justina
IA_PASSWORD=ia_secret_2024
Setting Environment Variables
Linux/macOS
# Export for current session
export JWT_SECRET_KEY="your-secret-key"
# Add to ~/.bashrc or ~/.zshrc for persistence
echo 'export JWT_SECRET_KEY="your-secret-key"' >> ~/.bashrc
Windows (PowerShell)
# Set for current session
$env:JWT_SECRET_KEY="your-secret-key"
# Set permanently (system-wide)
[System.Environment]::SetEnvironmentVariable('JWT_SECRET_KEY', 'your-secret-key', 'Machine')
Docker
# Command line
docker run -e JWT_SECRET_KEY="your-secret-key" justina-backend
# Or use .env file with docker-compose
docker-compose --env-file .env up
Security Best Practices
Use Strong Secrets
Generate secure random strings for JWT_SECRET_KEY:# Generate 256-bit secret
openssl rand -base64 32
Never Commit Secrets
Add .env to .gitignore:.env
.env.local
.env.production
Use Different Secrets Per Environment
Maintain separate secrets for development, staging, and production.
Rotate Credentials Regularly
Change passwords and secrets periodically, especially after team member changes.
Default Credentials
The backend initializes with default users on first startup:
| Username | Password | Role |
|---|
surgeon_master | justina2024 | ROLE_SURGEON |
ia_justina | ia_secret_2024 | ROLE_IA |
Critical Security Notice: Change these default passwords immediately in production environments!
Next Steps
After configuring environment variables, proceed with deployment:
