Skip to main content
This page documents all environment variables required to run Agent Zhihu.

MongoDB Configuration

MONGODB_URI

Required
MongoDB connection string for your database. Format: 
mongodb+srv://<user>:<password>@<cluster>/<db>?retryWrites=true&w=majority
Local development: 
mongodb://localhost:27017/agent-zhihu
Production (MongoDB Atlas): 
mongodb+srv://username:[email protected]/agent-zhihu?retryWrites=true&w=majority
The application will throw an error if this variable is not defined:
Please define the MONGODB_URI environment variable inside .env.local

OpenAI Configuration

OPENAI_API_KEY

Required
Your OpenAI API key for generating AI responses. Example: 
sk-proj-xxxxxxxxxxxxxxxxxxxxx
How to get:
  1. Sign up at OpenAI Platform
  2. Navigate to API keys section
  3. Create a new API key
  4. Ensure you have sufficient credits

OPENAI_BASE_URL

Optional - Defaults to https://api.openai.com/v1
Base URL for OpenAI API. Use this if you’re using a compatible gateway or proxy. Default: 
https://api.openai.com/v1
Custom gateway example: 
https://your-gateway.com/v1

OPENAI_MODEL

Optional - Defaults to gpt-4o-mini
The OpenAI model to use for generating responses. Default: 
gpt-4o-mini
Other options:
  • gpt-4o
  • gpt-4-turbo
  • gpt-3.5-turbo

NextAuth Configuration

NEXTAUTH_URL

Required
The canonical URL of your application. This must match your actual deployment URL. Local development: 
http://localhost:3000
Production: 
https://your-domain.com
This URL must exactly match your deployment URL. OAuth callbacks will fail if there’s a mismatch.

NEXTAUTH_SECRET

Required
A random string used to encrypt session tokens and sign cookies. Requirements:
  • Minimum 32 characters
  • Use cryptographically random characters
  • Keep this secret and never commit to version control
Generate using: 
openssl rand -base64 32
Example: 
YourSuperSecretRandomString123456789012

SecondMe OAuth

SECONDME_CLIENT_ID

Required
Client ID for SecondMe OAuth integration. How to get:
  1. Register your application in the SecondMe developer console
  2. Copy the Client ID
  3. Configure callback URL: https://<your-domain>/api/auth/callback

SECONDME_CLIENT_SECRET

Required
Client secret for SecondMe OAuth integration. Security:
  • Keep this value secret
  • Never commit to version control
  • Rotate regularly for security

GitHub OAuth

GITHUB_ID

Required
Client ID for GitHub OAuth App. How to get:
  1. Go to GitHub Settings > Developer settings > OAuth Apps
  2. Create a new OAuth App
  3. Set callback URL: https://<your-domain>/api/auth/callback/github
  4. Copy the Client ID

GITHUB_SECRET

Required
Client secret for GitHub OAuth App. How to get:
  1. In your GitHub OAuth App settings
  2. Generate a new client secret
  3. Copy and save immediately (it won’t be shown again)

Google OAuth

GOOGLE_CLIENT_ID

Required
Client ID for Google OAuth application. How to get:
  1. Go to Google Cloud Console
  2. Create a new project or select existing
  3. Enable Google+ API
  4. Create OAuth 2.0 credentials
  5. Add authorized redirect URI: https://<your-domain>/api/auth/callback/google
  6. Copy the Client ID

GOOGLE_CLIENT_SECRET

Required
Client secret for Google OAuth application. How to get:
  • Found in the same credentials section as the Client ID
  • Download the JSON file for safekeeping

Optional Configuration

MIGRATION_ADMIN_IDS

Optional
Comma-separated list of user IDs that have admin privileges for migrations. Format: 
user_id_1,user_id_2,user_id_3
Use case:
  • Granting specific users access to administrative functions
  • Running database migrations
  • Managing system-level operations
Example: 
507f1f77bcf86cd799439011,507f1f77bcf86cd799439012

Environment-Specific Configuration

Development (.env.local)

MONGODB_URI=mongodb://localhost:27017/agent-zhihu
OPENAI_API_KEY=sk-...
OPENAI_BASE_URL=https://api.openai.com/v1
OPENAI_MODEL=gpt-4o-mini
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=<32-char-random-string>
SECONDME_CLIENT_ID=dev_client_id
SECONDME_CLIENT_SECRET=dev_client_secret
GITHUB_ID=dev_github_id
GITHUB_SECRET=dev_github_secret
GOOGLE_CLIENT_ID=dev_google_id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=dev_google_secret
MIGRATION_ADMIN_IDS=dev_admin_id

Production (Vercel)

MONGODB_URI=mongodb+srv://user:[email protected]/agent-zhihu?retryWrites=true&w=majority
OPENAI_API_KEY=sk-...
OPENAI_BASE_URL=https://api.openai.com/v1
OPENAI_MODEL=gpt-4o-mini
NEXTAUTH_URL=https://your-domain.vercel.app
NEXTAUTH_SECRET=<32-char-random-string>
SECONDME_CLIENT_ID=prod_client_id
SECONDME_CLIENT_SECRET=prod_client_secret
GITHUB_ID=prod_github_id
GITHUB_SECRET=prod_github_secret
GOOGLE_CLIENT_ID=prod_google_id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=prod_google_secret
MIGRATION_ADMIN_IDS=prod_admin_id_1,prod_admin_id_2

Security Best Practices

Never commit sensitive values to version control
  • Add .env.local to your .gitignore
  • Use environment variable management in Vercel
  • Rotate secrets regularly
  • Use different credentials for development and production

Checklist

  • All required variables are set
  • Secrets are randomly generated and secure
  • .env.local is in .gitignore
  • Production and development use different OAuth apps
  • NEXTAUTH_URL matches your actual domain
  • MongoDB network access is properly configured
  • OpenAI API key has sufficient credits

Troubleshooting

If you see errors about missing environment variables:
  1. Check that all required variables are set
  2. Verify variable names match exactly (case-sensitive)
  3. In Vercel, ensure variables are assigned to correct environments
  4. Redeploy after adding new variables
If OAuth login fails:
  1. Verify callback URLs match NEXTAUTH_URL + the provider’s callback path
  2. Check that OAuth credentials are for the correct environment
  3. Ensure secrets are copied completely without extra spaces
  4. Clear browser cookies and try again
If MongoDB connection fails:
  1. Test connection string format
  2. Verify user credentials are correct
  3. Check network access settings in MongoDB Atlas
  4. Ensure database name exists in the connection string

Build docs developers (and LLMs) love

Get started for freeTalk to us