Overview
DecipherIt consists of two main components that need to be configured:
- Frontend - Next.js application with authentication and file storage
- Backend - FastAPI server with AI agents and vector search
Each component has its own configuration file with specific requirements.
Frontend Configuration
The frontend uses a .env.local file in the client/ directory.
Database Configuration
PostgreSQL connection string for Prisma ORM
DATABASE_URL="postgresql://username:password@localhost:5432/decipher"
The same database is used by both frontend and backend. Ensure the connection string is identical in both configuration files.
Authentication Configuration
DecipherIt uses Better Auth for authentication.
Secret key for signing authentication tokens. Generate a secure random string.
BETTER_AUTH_SECRET="your-secure-random-string-here"
Base URL where your application is hosted
# Development
BETTER_AUTH_URL="http://localhost:3000"
# Production
BETTER_AUTH_URL="https://yourdomain.com"
Keep your BETTER_AUTH_SECRET secure and never commit it to version control. Generate it using a cryptographically secure method.
Storage Configuration
DecipherIt uses Cloudflare R2 for object storage (documents, audio files).
Your Cloudflare R2 endpoint URL
R2_ENDPOINT="https://your-account-id.r2.cloudflarestorage.com"
R2 access key ID for authentication
R2_ACCESS_KEY_ID="your-r2-access-key"
R2 secret access key for authentication
R2_SECRET_ACCESS_KEY="your-r2-secret-key"
Name of your R2 bucket for file storage
R2_BUCKET_NAME="decipher-files"
Public URL for accessing stored files via CDN
R2_PUBLIC_URL="https://files.yourdomain.com"
Application URLs
Public base URL of your application (used in client-side code)
# Development
NEXT_PUBLIC_BASE_URL="http://localhost:3000"
# Production
NEXT_PUBLIC_BASE_URL="https://yourdomain.com"
URL of the backend API server
# Development
BACKEND_API_URL="http://localhost:8001"
# Production
BACKEND_API_URL="https://api.yourdomain.com"
Complete Frontend Example
DATABASE_URL="postgresql://decipher_user:password@localhost:5432/decipher"
BETTER_AUTH_SECRET="your-secure-random-string-minimum-32-chars"
BETTER_AUTH_URL="http://localhost:3000"
BACKEND_API_URL="http://localhost:8001"
NEXT_PUBLIC_BASE_URL="http://localhost:3000"
R2_ENDPOINT="https://your-account-id.r2.cloudflarestorage.com"
R2_ACCESS_KEY_ID="your-r2-access-key"
R2_SECRET_ACCESS_KEY="your-r2-secret-key"
R2_BUCKET_NAME="decipher-files"
R2_PUBLIC_URL="https://files.yourdomain.com"
Backend Configuration
The backend uses a .env file in the backend/ directory.
Database Configuration
PostgreSQL connection string (same as frontend)
DATABASE_URL="postgresql://username:password@localhost:5432/decipher"
AI Services Configuration
OpenAI
Used for embeddings and text generation.
Your OpenAI API key for embeddings
OPENAI_API_KEY="sk-proj-..."
Get your API key from OpenAI Platform.
OpenRouter
Used for accessing Google Gemini models.
Your OpenRouter API key for Gemini models
OPENROUTER_API_KEY="sk-or-v1-..."
Get your API key from OpenRouter.
LemonFox AI
Used for high-quality text-to-speech synthesis.
Your LemonFox API key for TTS
LEMONFOX_API_KEY="your-lemonfox-api-key"
Get your API key from LemonFox AI.
Bright Data Configuration
Bright Data provides web scraping capabilities through the MCP server.
Your Bright Data API token
BRIGHT_DATA_API_TOKEN="your-bright-data-token"
Browser authentication credentials for Bright Data
BRIGHT_DATA_BROWSER_AUTH="your-bright-data-browser-auth"
Get your credentials from Bright Data after signing up.
Bright Data offers free credits for new users. The Web Unlocker zone is created automatically using your API token.
Vector Database Configuration
Qdrant API endpoint URL
# Local installation
QDRANT_API_URL="http://localhost:6333"
# Cloud instance
QDRANT_API_URL="https://your-cluster.qdrant.io"
API key for Qdrant Cloud (not needed for local installation)
QDRANT_API_KEY="your-qdrant-api-key"
Cloud Storage Configuration
Your Cloudflare account ID
CLOUDFLARE_ACCOUNT_ID="your-cloudflare-account-id"
R2 access key ID (same as frontend)
CLOUDFLARE_R2_ACCESS_KEY_ID="your-r2-access-key"
R2 secret access key (same as frontend)
CLOUDFLARE_R2_SECRET_ACCESS_KEY="your-r2-secret-key"
Optional: LangTrace
API key for LangTrace observability (optional)
LANGTRACE_API_KEY="your-langtrace-api-key"
Complete Backend Example
# Database
DATABASE_URL="postgresql://decipher_user:password@localhost:5432/decipher"
# Bright Data
BRIGHT_DATA_API_TOKEN="your-bright-data-api-token"
BRIGHT_DATA_BROWSER_AUTH="your-bright-data-browser-auth"
# AI Services
OPENROUTER_API_KEY="sk-or-v1-..."
OPENAI_API_KEY="sk-proj-..."
LEMONFOX_API_KEY="your-lemonfox-api-key"
# Vector Database
QDRANT_API_KEY="your-qdrant-api-key"
QDRANT_API_URL="http://localhost:6333"
# Cloud Storage
CLOUDFLARE_ACCOUNT_ID="your-cloudflare-account-id"
CLOUDFLARE_R2_ACCESS_KEY_ID="your-r2-access-key"
CLOUDFLARE_R2_SECRET_ACCESS_KEY="your-r2-secret-key"
# Optional: Observability
LANGTRACE_API_KEY="your-langtrace-api-key"
Security Best Practices
Never commit .env or .env.local files to version control. Add them to .gitignore.
- Use Strong Secrets: Generate cryptographically secure random strings for authentication secrets
- Restrict API Keys: Use API keys with minimum required permissions
- Rotate Credentials: Regularly rotate API keys and secrets
- Environment Separation: Use different credentials for development and production
- Secure Storage: Store production secrets in a secure vault (e.g., AWS Secrets Manager, HashiCorp Vault)
Production Considerations
HTTPS/TLS
In production, always use HTTPS:
BETTER_AUTH_URL="https://yourdomain.com"
NEXT_PUBLIC_BASE_URL="https://yourdomain.com"
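A pre-deployment check for the rules stated on this page (no sample placeholders left in place, a BETTER_AUTH_SECRET of at least 32 characters, https:// URLs in production, and the values the frontend and backend files must share), as an added example that is not part of DecipherIt. The function names, the placeholder list and the sample files are assumptions made for the illustration; the 32-character floor is taken from the placeholder text in the frontend example above.

```python
import re

# Fragments of the page's sample values that must not survive into a real file.
PLACEHOLDERS = ("your-", "yourdomain.com", ":password@", "...")
# URLs the page shows as https:// in production.
HTTPS_KEYS = ("BETTER_AUTH_URL", "NEXT_PUBLIC_BASE_URL", "BACKEND_API_URL")
# Values the page says are shared: (frontend key, backend key).
SHARED = (("DATABASE_URL", "DATABASE_URL"),
          ("R2_ACCESS_KEY_ID", "CLOUDFLARE_R2_ACCESS_KEY_ID"),
          ("R2_SECRET_ACCESS_KEY", "CLOUDFLARE_R2_SECRET_ACCESS_KEY"))
LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY="value" lines, skipping blanks and # comments."""
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and not raw.lstrip().startswith("#"):
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]  # drop one pair of surrounding quotes
            env[m.group(1)] = value
    return env

def audit(frontend, backend, production=False):
    """Return sorted findings; values are never echoed, only key names."""
    findings = []
    for name, env in (("frontend", frontend), ("backend", backend)):
        for key, value in env.items():
            if any(p in value for p in PLACEHOLDERS):
                findings.append(f"{name} {key}: placeholder value")
            if production and key in HTTPS_KEYS and not value.startswith("https://"):
                findings.append(f"{name} {key}: not https://")
    if len(frontend.get("BETTER_AUTH_SECRET", "")) < 32:
        findings.append("frontend BETTER_AUTH_SECRET: missing or under 32 chars")
    for fkey, bkey in SHARED:
        if frontend.get(fkey) != backend.get(bkey):
            findings.append(f"mismatch: frontend {fkey} / backend {bkey}")
    return sorted(findings)

# Constructed sample files, not real credentials.
FRONTEND = parse_env('''# Production
DATABASE_URL="postgresql://app:constructed-pw@db.internal:5432/decipher"
BETTER_AUTH_SECRET="your-secure-random-string-minimum-32-chars"
BETTER_AUTH_URL="http://localhost:3000"
R2_ACCESS_KEY_ID="constructed-id"''')
BACKEND = parse_env('''DATABASE_URL="postgresql://app:constructed-pw@db.internal:5432/decipher_dev"
CLOUDFLARE_R2_ACCESS_KEY_ID="constructed-id"''')
FINDINGS = audit(FRONTEND, BACKEND, production=True)
```

The sample secret passes the length check but is still flagged because it is the page's placeholder text, which is why both checks are needed. Findings name the key only, so the output is safe to paste into a CI log.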
CORS Configuration
The backend has CORS middleware enabled. For production, configure allowed origins in the FastAPI application.
Database Connection Pooling
For production, use connection pooling:
DATABASE_URL="postgresql://user:pass@host:5432/decipher?pool_size=20&max_overflow=10"
Next Steps
Environment Variables
Complete reference of all environment variables
Docker Deployment
Deploy using Docker containers