Skip to main content

Overview

MedMitra uses environment variables for configuration, keeping sensitive information secure and separate from code. This guide covers all available configuration options for both backend and frontend.

Environment Files

MedMitra uses different environment files for different components:

Backend

.env in the backend/ directory

Frontend

.env.local in the frontend/ directory
Never commit .env or .env.local files to version control. These files contain sensitive API keys and credentials.

Backend Configuration

The backend requires the following environment variables in backend/.env:

Supabase Configuration

Supabase provides database, authentication, and file storage services.
SUPABASE_URL
string
required
Your Supabase project URL. Find this in Project Settings → API.Format: https://your-project-id.supabase.coExample:
SUPABASE_URL="https://xyzabcdef123.supabase.co"
SUPABASE_SERVICE_ROLE_KEY
string
required
The service role key with admin privileges. This key bypasses Row Level Security (RLS).
Keep this key secret! Never expose it in client-side code or commit it to version control.
Location: Project Settings → API → service_role keyExample:
SUPABASE_SERVICE_ROLE_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

AI Service Configuration

Groq API

GROQ_API_KEY
string
required
API key for Groq’s LLM inference service. Used for medical text analysis and radiology image interpretation.Models Used:
  • llama-3.3-70b-versatile for text analysis
  • llava-v1.5-7b-4096-preview for vision/image analysis
How to Obtain:
  1. Visit console.groq.com
  2. Sign up or log in
  3. Navigate to API Keys
  4. Create a new API key
Example:
GROQ_API_KEY="gsk_abcdef123456789..."
Groq offers a generous free tier with fast inference speeds. Monitor your usage in the console.

LlamaParse API

LLAMAPARSE_API_KEY
string
required
API key for LlamaIndex’s LlamaParse document parsing service. Used to extract structured text from PDF lab reports.How to Obtain:
  1. Visit cloud.llamaindex.ai
  2. Create an account
  3. Navigate to API Keys in settings
  4. Generate a new API key
Example:
LLAMAPARSE_API_KEY="llx-..."
LlamaParse is specifically designed for complex document layouts and performs better than standard PDF parsers for medical documents.

Vector Database Configuration (Optional)

These settings are for future features involving semantic search and RAG (Retrieval-Augmented Generation).
WEAVIATE_API_KEY
string
API key for Weaviate vector database (optional, for future features).Example:
WEAVIATE_API_KEY="your_weaviate_api_key"
Currently not used in production but reserved for future enhancements.
WEAVIATE_REST_URL
string
REST endpoint URL for Weaviate instance.Example:
WEAVIATE_REST_URL="https://your-cluster.weaviate.network"

Complete Backend .env Template

# Supabase
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_SERVICE_ROLE_KEY="your_service_role_key"

# AI Services
GROQ_API_KEY="your_groq_api_key"
LLAMAPARSE_API_KEY="your_llamaparse_api_key"

Frontend Configuration

The frontend requires the following environment variables in frontend/.env.local:

Supabase Configuration (Client-Side)

NEXT_PUBLIC_SUPABASE_URL
string
required
Your Supabase project URL. Same as backend but with NEXT_PUBLIC_ prefix for client-side access.Example:
NEXT_PUBLIC_SUPABASE_URL="https://xyzabcdef123.supabase.co"
The NEXT_PUBLIC_ prefix makes this variable accessible in the browser. Only use it for non-sensitive values.
NEXT_PUBLIC_SUPABASE_ANON_KEY
string
required
The anonymous/public key for client-side Supabase access. This key is safe to expose in the browser.Location: Project Settings → API → anon public keyExample:
NEXT_PUBLIC_SUPABASE_ANON_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
This key respects Row Level Security (RLS) policies, making it safe for client-side use.

Backend API Configuration

NEXT_PUBLIC_FASTAPI_BACKEND_URL
string
required
URL where your FastAPI backend is running.Development:
NEXT_PUBLIC_FASTAPI_BACKEND_URL="http://localhost:8000"
Production:
NEXT_PUBLIC_FASTAPI_BACKEND_URL="https://your-backend.koyeb.app"
Update this URL when deploying to production. Ensure your backend allows CORS requests from your frontend domain.

Speech-to-Text Configuration

NEXT_PUBLIC_GLADIA_API_KEY
string
required
API key for Gladia’s speech-to-text service. Used for transcribing doctor’s audio notes.How to Obtain:
  1. Visit gladia.io
  2. Sign up and verify your email
  3. Navigate to the dashboard
  4. Generate an API key
Example:
NEXT_PUBLIC_GLADIA_API_KEY="your_gladia_api_key"
Gladia provides high-accuracy medical transcription with support for medical terminology.

Complete Frontend .env.local Template

frontend/.env.local
# Supabase Client Configuration
NEXT_PUBLIC_SUPABASE_URL="https://your-project.supabase.co"
NEXT_PUBLIC_SUPABASE_ANON_KEY="your_anon_public_key"

# Backend API
NEXT_PUBLIC_FASTAPI_BACKEND_URL="http://localhost:8000"

# Speech-to-Text
NEXT_PUBLIC_GLADIA_API_KEY="your_gladia_api_key"

Configuration by Environment

Development Configuration

Backend (.env):
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_SERVICE_ROLE_KEY="your_service_role_key"
GROQ_API_KEY="your_groq_api_key"
LLAMAPARSE_API_KEY="your_llamaparse_api_key"
Frontend (.env.local):
NEXT_PUBLIC_SUPABASE_URL="https://your-project.supabase.co"
NEXT_PUBLIC_SUPABASE_ANON_KEY="your_anon_key"
NEXT_PUBLIC_FASTAPI_BACKEND_URL="http://localhost:8000"
NEXT_PUBLIC_GLADIA_API_KEY="your_gladia_api_key"
Server Commands:
  • Backend: uvicorn app:app --reload
  • Frontend: npm run dev

Loading Configuration

Backend (Python)

The backend uses python-dotenv to load environment variables:
config.py
import os
from dotenv import load_dotenv

load_dotenv()

SUPABASE_URL = os.getenv("SUPABASE_URL")
SUPABASE_SERVICE_ROLE_KEY = os.getenv("SUPABASE_SERVICE_ROLE_KEY")
GROQ_API_KEY = os.getenv("GROQ_API_KEY")
LLAMAPARSE_API_KEY = os.getenv("LLAMAPARSE_API_KEY")
WEAVIATE_API_KEY = os.getenv("WEAVIATE_API_KEY")
WEAVIATE_REST_URL = os.getenv("WEAVIATE_REST_URL")

Frontend (Next.js)

Next.js automatically loads .env.local files. Access variables in code: 
// Accessible anywhere in your app
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL
const backendUrl = process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL
Only variables prefixed with NEXT_PUBLIC_ are accessible in client-side code.

Security Best Practices

  • Add .env and .env.local to .gitignore
  • Use .env.example files to document required variables without values
  • Never hardcode API keys in source code
  • Rotate API keys every 3-6 months
  • Immediately rotate if a key is accidentally exposed
  • Use separate keys for development, staging, and production
  • Separate Supabase projects for dev/staging/production
  • Different API keys for each environment when possible
  • Restrict production keys to production servers only
  • Use anon key (not service role) in frontend
  • Set up Row Level Security (RLS) policies in Supabase
  • Limit API key permissions where possible

Validation and Troubleshooting

Verify Configuration

Create a simple script to verify your configuration: 
# backend/verify_config.py
import os
from dotenv import load_dotenv

load_dotenv()

required_vars = [
    "SUPABASE_URL",
    "SUPABASE_SERVICE_ROLE_KEY",
    "GROQ_API_KEY",
    "LLAMAPARSE_API_KEY"
]

for var in required_vars:
    value = os.getenv(var)
    if value:
        print(f"✓ {var}: {value[:20]}...")
    else:
        print(f"✗ {var}: NOT SET")

Common Configuration Issues

Backend:
  • Ensure .env file is in the same directory as app.py
  • Verify no typos in variable names
  • Check that load_dotenv() is called before accessing variables
  • Try python-dotenv instead of reading files manually
Frontend:
  • Ensure file is named exactly .env.local (not .env or env.local)
  • Restart the dev server after adding/changing variables
  • Verify NEXT_PUBLIC_ prefix for client-side variables
If you see CORS errors when frontend calls backend:
  1. Verify NEXT_PUBLIC_FASTAPI_BACKEND_URL is correct
  2. Check backend CORS configuration in app.py:
app.add_middleware(
    CORSMiddleware,
    allow_origins=["http://localhost:3000"],  # Add your frontend URL
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
  1. In production, update allow_origins to your frontend domain
  • Verify URL format: https://xyz.supabase.co (no trailing slash)
  • Check API keys for extra spaces or newlines
  • Ensure Supabase project is not paused (free tier)
  • Test connection directly in Supabase SQL Editor
  • Verify key is copied completely (no truncation)
  • Check if key has expired or been revoked
  • Ensure no quotes around the key value in .env
  • Try regenerating the key in the provider’s dashboard

Configuration Examples

Template Files

Create example files for your team: 
# Supabase Configuration
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_SERVICE_ROLE_KEY="your_service_role_key_here"

# AI Service API Keys
GROQ_API_KEY="your_groq_api_key_here"
LLAMAPARSE_API_KEY="your_llamaparse_api_key_here"

# Optional: Vector Database
# WEAVIATE_API_KEY="your_weaviate_api_key"
# WEAVIATE_REST_URL="your_weaviate_rest_url"

Environment Variable Reference

Quick Reference Table

VariableComponentRequiredDescription
SUPABASE_URLBackendYesSupabase project URL
SUPABASE_SERVICE_ROLE_KEYBackendYesAdmin key for backend operations
GROQ_API_KEYBackendYesGroq LLM API key
LLAMAPARSE_API_KEYBackendYesLlamaParse document parsing key
WEAVIATE_API_KEYBackendNoVector database key (future)
WEAVIATE_REST_URLBackendNoVector database URL (future)
NEXT_PUBLIC_SUPABASE_URLFrontendYesSupabase project URL
NEXT_PUBLIC_SUPABASE_ANON_KEYFrontendYesPublic key for client auth
NEXT_PUBLIC_FASTAPI_BACKEND_URLFrontendYesBackend API endpoint
NEXT_PUBLIC_GLADIA_API_KEYFrontendYesSpeech-to-text API key

Next Steps

Getting Started

Quick start guide to get MedMitra running

API Reference

Explore all available API endpoints

Authentication

Learn about authentication and user management

AI Agents

Understand the multi-agent AI system

Build docs developers (and LLMs) love

Get started for freeTalk to us