Repolyze requires several environment variables to function properly. This guide explains each variable and how to configure them.

Configuration File

Create a .env.local file in the project root by copying the example:
cp .env.example .env.local
Never commit .env.local to version control. It contains sensitive API keys and should remain private.

Required Variables

These variables are essential for Repolyze to work:

OpenRouter API Key

Used for AI-powered repository analysis.
OPENROUTER_API_KEY=sk-or-v1-your-api-key-here

1. Sign up for OpenRouter
   Go to OpenRouter and create an account.
2. Generate API Key
   Navigate to Settings → API Keys and click “Create new key”.
3. Copy the key
   Copy the API key (starts with sk-or-v1-) and add it to your .env.local file.

OpenRouter provides access to multiple AI models. Repolyze uses it to generate code analysis, insights, and recommendations.

GitHub Token

Required to fetch repository data from the GitHub API.
GITHUB_TOKEN=ghp_your-github-token-here

1. Go to GitHub Settings
   Navigate to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic).
2. Generate new token
   Click “Generate new token (classic)”.
3. Select scopes
   Choose the following scopes:
     • repo - Full control of private repositories
     • read:user - Read user profile data
4. Generate and copy
   Click “Generate token” and copy the token (starts with ghp_).

The GitHub token is used server-side only and never exposed to the browser. It allows Repolyze to fetch repository structure, files, and metadata.

Database URL

PostgreSQL connection string for user data and rate limiting.
DATABASE_URL=postgresql://user:password@localhost:5432/repolyze
Format: postgresql://[user]:[password]@[host]:[port]/[database]
See the Database Setup page for detailed configuration.

NextAuth Secret

Secret key for encrypting session tokens and cookies.
AUTH_SECRET=your-auth-secret-here

1. Generate a secret
   Run the following command to generate a secure random string:
   npx auth secret
2. Add to .env.local
   Copy the generated secret to your .env.local file.

Keep this secret secure and never share it publicly. Changing it will invalidate all existing user sessions.

OAuth Providers (Optional)

Repolyze supports GitHub and Google OAuth for user authentication.

GitHub OAuth

AUTH_GITHUB_ID=your-github-oauth-client-id
AUTH_GITHUB_SECRET=your-github-oauth-client-secret

1. Register OAuth App
   Go to GitHub Developer Settings → OAuth Apps → New OAuth App.
2. Configure settings
     • Application name: Repolyze (Development)
     • Homepage URL: http://localhost:3000
     • Authorization callback URL: http://localhost:3000/api/auth/callback/github
3. Get credentials
   After creating the app, copy the Client ID and generate a Client Secret.

Google OAuth

AUTH_GOOGLE_ID=your-google-client-id
AUTH_GOOGLE_SECRET=your-google-client-secret

1. Create Google Cloud Project
   Go to Google Cloud Console and create a new project.
2. Enable OAuth
   Navigate to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID.
3. Configure OAuth consent screen
   Set up the OAuth consent screen with your app information.
4. Create OAuth client
     • Application type: Web application
     • Authorized redirect URIs: http://localhost:3000/api/auth/callback/google
5. Get credentials
   Copy the Client ID and Client Secret.

Polar.sh Integration (Optional)

For subscription and payment management.
POLAR_ACCESS_TOKEN=polar_oat_XYZ
NEXT_PUBLIC_POLAR_PRODUCT_ID=XYZ
POLAR_WEBHOOK_SECRET=XYZ
Polar.sh is used for managing pro subscriptions. If you’re not implementing paid features, you can skip this.

Public Variables

These variables are prefixed with NEXT_PUBLIC_ and are exposed to the browser.

Site URL

NEXT_PUBLIC_SITE_URL=http://localhost:3000
Used for:
  • SEO metadata
  • Social sharing URLs
  • OAuth callback URLs
In production, set this to your deployed URL (e.g., https://repolyze.ossium.live).

Umami Analytics (Optional)

NEXT_PUBLIC_UMAMI_WEBSITE_ID=your_umami_website_id_here
If you want to track analytics using Umami, add your website ID here.

Promo Banner (Optional)

NEXT_PUBLIC_PROMO_MESSAGE=Proudly built by Ossium Inc. Supercharging developer tools.
NEXT_PUBLIC_PROMO_LINK=https://ossium.live
NEXT_PUBLIC_PROMO_ENABLED=true
Controls the promotional banner displayed at the top of the site.

Complete Example

Here’s a complete .env.local file with the required variables and the site URL:
# AI & GitHub API
OPENROUTER_API_KEY=sk-or-v1-your-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here

# Database
DATABASE_URL=postgresql://user:password@localhost:5432/repolyze

# NextAuth
AUTH_SECRET=your-auth-secret-here

# Site Configuration
NEXT_PUBLIC_SITE_URL=http://localhost:3000

Environment-Specific Configuration

Development

For local development, use .env.local:
NEXT_PUBLIC_SITE_URL=http://localhost:3000

Production

For production deployment (e.g., Vercel), set environment variables in your hosting platform:
NEXT_PUBLIC_SITE_URL=https://repolyze.ossium.live
Never use development credentials in production. Always use separate API keys and database instances.

Security Best Practices

  • Never commit .env.local or .env.production to version control
  • Add .env*.local to your .gitignore file
  • Use different API keys for development and production
  • Regenerate API keys periodically
  • Update keys immediately if they’re exposed
  • Use key rotation features provided by services
  • Use minimum required scopes for GitHub tokens
  • Restrict API key access to specific IP addresses when possible
  • Monitor API usage for suspicious activity
  • Use development keys for local testing
  • Use staging keys for pre-production
  • Use production keys for live deployment
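
An added example (not part of Repolyze's code) that checks the text of a .env.local file against this guide: required variables are set, .env.example placeholders are replaced, the documented prefixes (sk-or-v1-, ghp_) are respected, and no credential sits in a NEXT_PUBLIC_ variable. The function names, the name and prefix heuristics for spotting a secret, and the sample input are assumptions constructed for illustration.

```javascript
// Added example: audit the text of a .env.local file against the rules in this guide.
const REQUIRED = ["OPENROUTER_API_KEY", "GITHUB_TOKEN", "DATABASE_URL", "AUTH_SECRET"];
// Value prefixes the guide documents for these variables.
const PREFIXES = { OPENROUTER_API_KEY: "sk-or-v1-", GITHUB_TOKEN: "ghp_", DATABASE_URL: "postgresql://" };
// Fragments of the .env.example placeholders that must not survive into a real file.
const PLACEHOLDERS = ["your-", "your_", "user:password@"];
// Name patterns and value prefixes that mark a credential (heuristic, an assumption).
const SECRET_NAME = /SECRET|TOKEN|KEY|PASSWORD/;
const SECRET_PREFIXES = ["sk-or-v1-", "ghp_", "polar_oat_"];

function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.trim().startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) vars[line.trim()] = null; // syntax error: no "=" on the line
    else vars[line.slice(0, eq).trim()] = line.slice(eq + 1); // raw value, spaces kept
  }
  return vars;
}

function auditEnv(text) {
  const vars = parseEnv(text);
  // A required variable that is absent or empty counts as missing.
  const findings = REQUIRED.filter((n) => !(vars[n] || "").trim()).map((n) => `${n}: missing`);
  for (const [name, raw] of Object.entries(vars)) {
    if (raw === null) { findings.push(`${name}: not a NAME=value line`); continue; }
    const value = raw.trim();
    if (value !== raw) findings.push(`${name}: stray whitespace`);
    if (PLACEHOLDERS.some((p) => value.includes(p))) findings.push(`${name}: placeholder value`);
    else if (PREFIXES[name] && !value.startsWith(PREFIXES[name]))
      findings.push(`${name}: expected prefix ${PREFIXES[name]}`);
    // NEXT_PUBLIC_ values reach the browser, so a credential must never sit in one.
    const secret = SECRET_NAME.test(name) || SECRET_PREFIXES.some((p) => value.startsWith(p));
    if (name.startsWith("NEXT_PUBLIC_") && secret)
      findings.push(`${name}: secret in a browser-exposed variable`);
  }
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "# constructed sample",
  "OPENROUTER_API_KEY=sk-0000constructed ",
  "GITHUB_TOKEN=ghp_your-github-token-here",
  "DATABASE_URL=postgresql://user:password@localhost:5432/repolyze",
  "NEXT_PUBLIC_GITHUB_TOKEN=ghp_0000constructed",
  "NEXT_PUBLIC_SITE_URL=http://localhost:3000",
].join("\n");
console.log(auditEnv(SAMPLE).join("\n"));
```

An empty result means the file passed every check; the audit only reads text, so it can run before the dev server starts or as a pre-deploy step.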

Troubleshooting

  • Verify the key is correct (no extra spaces or line breaks)
  • Check if the key has been revoked or expired
  • Ensure the key has the required permissions/scopes
  • Restart the development server after changing environment variables
  • Make sure the file is named .env.local (not .env)
  • Restart the Next.js dev server (pnpm dev)
  • Check for syntax errors in the .env.local file
  • Verify the file is in the project root directory
  • Verify the callback URL matches exactly in OAuth settings
  • Check that NEXT_PUBLIC_SITE_URL is set correctly
  • Ensure OAuth app is approved (not in development mode)
  • Clear browser cookies and try again

Next Steps

Database Setup

Configure PostgreSQL and run Prisma migrations

Installation

Complete the installation process
