Skip to main content

Overview

Kuest Prediction Market uses environment variables to configure various aspects of the application, including authentication, database connections, storage, and third-party integrations. Copy .env.example to .env and configure the variables according to your deployment needs.

Required Variables

These variables must be set for the application to function properly.

Kuest CLOB Authentication

KUEST_ADDRESS
string
required
Your Kuest CLOB wallet address (EVM address, 0x… format on Polygon). Get your credentials by connecting your wallet at https://auth.kuest.com.
KUEST_ADDRESS="0x..."
KUEST_API_KEY
string
required
API key for Kuest CLOB authentication. Obtain from https://auth.kuest.com after connecting your wallet.
KUEST_API_KEY="your-api-key"
KUEST_API_SECRET
string
required
API secret for Kuest CLOB authentication. Keep this value secure and never commit it to version control.
KUEST_API_SECRET="your-api-secret"
KUEST_PASSPHRASE
string
required
Passphrase for Kuest CLOB authentication. Required for signing API requests.
KUEST_PASSPHRASE="your-passphrase"

Admin Configuration

ADMIN_WALLETS
string
required
Comma-separated list of EVM wallet addresses (0x… format on Polygon) that have admin privileges. Admin users can access special features and management interfaces.
ADMIN_WALLETS="0x123...,0x456...,0x789..."
You can also use JSON array format:
ADMIN_WALLETS='["0x123...","0x456..."]'

Wallet Connection

REOWN_APPKIT_PROJECT_ID
string
required
Your Reown AppKit project ID for Web3 wallet connections. Create a project at https://dashboard.reown.com.
REOWN_APPKIT_PROJECT_ID="your-project-id"

Authentication Secret

BETTER_AUTH_SECRET
string
required
Random 32-character secret for Better Auth session encryption. Generate one at https://www.better-auth.com/docs/installation#set-environment-variables.
Critical: Changing this value will invalidate all user sessions AND encrypted credentials, requiring users to log in and re-authenticate for trading.
BETTER_AUTH_SECRET="your-32-character-random-secret"

Cron Jobs

CRON_SECRET
string
required
Random secret (at least 16 characters) for authenticating Vercel Cron Jobs or database scheduler endpoints. This protects your sync endpoints from unauthorized access.
CRON_SECRET="your-random-secret-min-16-chars"

Optional Variables

These variables are optional but may be required depending on your deployment setup.

Performance Optimization

IMAGE_OPTIMIZATION
boolean
default:"false"
Enable Next.js image optimization. This can increase hosting costs on platforms like Vercel.
IMAGE_OPTIMIZATION=false

Database Configuration

POSTGRES_URL
string
PostgreSQL connection string for runtime database access. Required outside Vercel/Supabase integration flow.
POSTGRES_URL="postgresql://user:password@host:5432/database"
When using Vercel’s PostgreSQL integration, this is automatically populated. For self-hosted deployments, you must set this manually.

Storage Configuration

Use Supabase for both database and storage. If one variable is set, both are required.
SUPABASE_URL
string
Your Supabase project URL.
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_SERVICE_ROLE_KEY
string
Supabase service role key for server-side operations. Found in your Supabase project settings under API.
SUPABASE_SERVICE_ROLE_KEY="your-service-role-key"
Use S3 or S3-compatible storage (MinIO, R2, etc.) for file uploads. Required when SUPABASE_* variables are not configured.
S3_BUCKET
string
Name of your S3 bucket for storing assets.
S3_BUCKET="kuest-assets"
S3_ENDPOINT
string
S3 endpoint URL. Leave empty for AWS S3, or set for S3-compatible services.
# For MinIO
S3_ENDPOINT="https://minio.example.com"

# For Cloudflare R2
S3_ENDPOINT="https://your-account.r2.cloudflarestorage.com"

# For AWS S3 (leave empty or omit)
S3_ENDPOINT=""
S3_REGION
string
default:"us-east-1"
AWS region for your S3 bucket. Defaults to us-east-1 if not specified. Can also be set via AWS_REGION.
S3_REGION="us-east-1"
S3_ACCESS_KEY_ID
string
S3 access key ID. Can also be set via AWS_ACCESS_KEY_ID.
S3_ACCESS_KEY_ID="your-access-key-id"
S3_SECRET_ACCESS_KEY
string
S3 secret access key. Can also be set via AWS_SECRET_ACCESS_KEY.
S3_SECRET_ACCESS_KEY="your-secret-access-key"
S3_PUBLIC_URL
string
Custom public URL for accessing S3 assets. If not set, URLs are automatically generated based on the bucket and endpoint configuration.
S3_PUBLIC_URL="https://cdn.example.com"
S3_FORCE_PATH_STYLE
boolean
default:"true"
Use path-style URLs instead of virtual-hosted-style. Automatically defaults to true when S3_ENDPOINT is set.
S3_FORCE_PATH_STYLE=true

Monitoring and Error Tracking

Optional Sentry integration for error tracking and performance monitoring. Visit https://sentry.io/ to create a project.
SENTRY_DSN
string
Sentry Data Source Name for error reporting.
SENTRY_DSN="https://[email protected]/your-project"
SENTRY_ORG
string
Your Sentry organization slug.
SENTRY_ORG="your-org-slug"
SENTRY_PROJECT
string
Your Sentry project slug.
SENTRY_PROJECT="your-project-slug"
SENTRY_AUTH_TOKEN
string
Sentry authentication token for source map uploads during build.
SENTRY_AUTH_TOKEN="your-auth-token"

Environment File Example

Here’s a complete example of a .env file:
.env
# Required
KUEST_ADDRESS="0x..."
KUEST_API_KEY="your-api-key"
KUEST_API_SECRET="your-api-secret"
KUEST_PASSPHRASE="your-passphrase"
ADMIN_WALLETS="0x123...,0x456..."
REOWN_APPKIT_PROJECT_ID="your-project-id"
BETTER_AUTH_SECRET="your-32-character-random-secret"
CRON_SECRET="your-random-secret-min-16-chars"

# Optional
IMAGE_OPTIMIZATION=false
POSTGRES_URL="postgresql://user:password@host:5432/database"

# Storage (choose one)
# Option 1: Supabase
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_SERVICE_ROLE_KEY="your-service-role-key"

# Option 2: S3-compatible
# S3_BUCKET="kuest-assets"
# S3_ENDPOINT="https://minio.example.com"
# S3_REGION="us-east-1"
# S3_ACCESS_KEY_ID="your-access-key-id"
# S3_SECRET_ACCESS_KEY="your-secret-access-key"
# S3_PUBLIC_URL="https://cdn.example.com"
# S3_FORCE_PATH_STYLE=true

# Monitoring (optional)
# SENTRY_DSN="https://[email protected]/your-project"
# SENTRY_ORG="your-org-slug"
# SENTRY_PROJECT="your-project-slug"
# SENTRY_AUTH_TOKEN="your-auth-token"

Validation

The application validates environment variables at startup:
  • Missing required variables will cause the application to fail with clear error messages
  • Partial storage configuration (e.g., only setting S3_BUCKET without credentials) will throw an error
  • If both SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are provided, S3 configuration is ignored

Security Best Practices

Never commit your .env file to version control. The .env.example file is provided as a template only.
  1. Rotate secrets regularly: Change BETTER_AUTH_SECRET and API keys periodically
  2. Use environment-specific values: Different secrets for development, staging, and production
  3. Restrict admin access: Only add trusted wallet addresses to ADMIN_WALLETS
  4. Protect API endpoints: Keep CRON_SECRET secure to prevent unauthorized sync operations
  5. Service role keys: Never expose SUPABASE_SERVICE_ROLE_KEY in client-side code

Next Steps

Database Setup

Configure PostgreSQL and run migrations

Storage Configuration

Set up Supabase Storage or S3 for assets

Authentication

Configure Better Auth and wallet connections

Deployment

Deploy your prediction market

Build docs developers (and LLMs) love

Get started for freeTalk to us