Skip to main content

Overview

DecipherIt uses environment variables to configure both the frontend and backend. This page provides a complete reference for all available variables.
Variables marked with ⚠️ are required. Variables marked with ℹ️ are optional.

Frontend Environment Variables

These variables are configured in client/.env.local.

Database

DATABASE_URL
string
required
⚠️ PostgreSQL connection string for Prisma ORMFormat: postgresql://[user]:[password]@[host]:[port]/[database]Example:
DATABASE_URL="postgresql://decipher_user:password@localhost:5432/decipher"
Docker:
DATABASE_URL="postgresql://postgres:password@db:5432/decipher"

Authentication

BETTER_AUTH_SECRET
string
required
⚠️ Secret key for signing authentication tokensRequirements:
  • Minimum 32 characters
  • Cryptographically secure random string
  • Must be kept secret
Generate:
openssl rand -base64 32
Example:
BETTER_AUTH_SECRET="a8f5f167f44f4964e6c998dee827110c"
BETTER_AUTH_URL
string
required
⚠️ Base URL where your application is hostedDevelopment:
BETTER_AUTH_URL="http://localhost:3000"
Production:
BETTER_AUTH_URL="https://yourdomain.com"

Application URLs

NEXT_PUBLIC_BASE_URL
string
required
⚠️ Public base URL (accessible from client-side code)Development:
NEXT_PUBLIC_BASE_URL="http://localhost:3000"
Production:
NEXT_PUBLIC_BASE_URL="https://yourdomain.com"
Variables prefixed with NEXT_PUBLIC_ are exposed to the browser. Never include secrets in these variables.
BACKEND_API_URL
string
required
⚠️ URL of the backend API serverDevelopment:
BACKEND_API_URL="http://localhost:8001"
Production:
BACKEND_API_URL="https://api.yourdomain.com"
Docker:
BACKEND_API_URL="http://backend:8001"

Cloud Storage (Cloudflare R2)

R2_ENDPOINT
string
required
⚠️ Cloudflare R2 endpoint URLFormat: https://[account-id].r2.cloudflarestorage.comExample:
R2_ENDPOINT="https://1234567890abcdef.r2.cloudflarestorage.com"
Find your account ID in the Cloudflare dashboard under R2.
R2_ACCESS_KEY_ID
string
required
⚠️ R2 access key ID for authenticationExample:
R2_ACCESS_KEY_ID="a1b2c3d4e5f6g7h8i9j0"
Create R2 API tokens in the Cloudflare dashboard.
R2_SECRET_ACCESS_KEY
string
required
⚠️ R2 secret access key for authenticationExample:
R2_SECRET_ACCESS_KEY="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
R2_BUCKET_NAME
string
required
⚠️ Name of your R2 bucket for file storageExample:
R2_BUCKET_NAME="decipher-files"
Create the bucket in the Cloudflare R2 dashboard before deploying.
R2_PUBLIC_URL
string
required
⚠️ Public CDN URL for accessing stored filesExample:
R2_PUBLIC_URL="https://files.yourdomain.com"
Configure a custom domain in the Cloudflare R2 dashboard.

Backend Environment Variables

These variables are configured in backend/.env.

Database

DATABASE_URL
string
required
⚠️ PostgreSQL connection string (same as frontend)Example:
DATABASE_URL="postgresql://decipher_user:password@localhost:5432/decipher"

AI Services

Bright Data

BRIGHT_DATA_API_TOKEN
string
required
⚠️ Bright Data API token for web scrapingExample:
BRIGHT_DATA_API_TOKEN="abc123def456ghi789"
How to get:
  1. Sign up at brightdata.com
  2. Navigate to user settings
  3. Copy your API token
New users receive free credits.
BRIGHT_DATA_BROWSER_AUTH
string
required
⚠️ Browser authentication credentials for Bright DataFormat: username:passwordExample:
BRIGHT_DATA_BROWSER_AUTH="brd-customer-hl_abc123:def456ghi789"
Find this in your Bright Data Web Unlocker zone settings.

OpenRouter

OPENROUTER_API_KEY
string
required
⚠️ OpenRouter API key for Google Gemini modelsExample:
OPENROUTER_API_KEY="sk-or-v1-abc123def456ghi789"
How to get:
  1. Sign up at openrouter.ai
  2. Navigate to API Keys
  3. Create a new API key
DecipherIt uses OpenRouter to access Google Gemini 1.5 Flash via unified API.

OpenAI

OPENAI_API_KEY
string
required
⚠️ OpenAI API key for embeddingsExample:
OPENAI_API_KEY="sk-proj-abc123def456ghi789"
How to get:
  1. Sign up at platform.openai.com
  2. Navigate to API Keys
  3. Create a new API key
Used for generating text embeddings for semantic search.

LemonFox AI

LEMONFOX_API_KEY
string
required
⚠️ LemonFox API key for text-to-speechExample:
LEMONFOX_API_KEY="lf_abc123def456"
How to get:
  1. Sign up at lemonfox.ai
  2. Navigate to API settings
  3. Generate an API key
Used for generating high-quality podcast-style audio overviews.

Vector Database

QDRANT_API_URL
string
required
⚠️ Qdrant API endpoint URLLocal Installation:
QDRANT_API_URL="http://localhost:6333"
Docker:
QDRANT_API_URL="http://qdrant:6333"
Qdrant Cloud:
QDRANT_API_URL="https://your-cluster-url.qdrant.io"
QDRANT_API_KEY
string
ℹ️ API key for Qdrant Cloud authenticationExample:
QDRANT_API_KEY="abc123def456ghi789"
Not required for local Qdrant installations. Only needed for Qdrant Cloud.

Cloud Storage

CLOUDFLARE_ACCOUNT_ID
string
required
⚠️ Cloudflare account IDExample:
CLOUDFLARE_ACCOUNT_ID="1234567890abcdef"
Find in the Cloudflare dashboard URL or account settings.
CLOUDFLARE_R2_ACCESS_KEY_ID
string
required
⚠️ R2 access key ID (same as frontend R2_ACCESS_KEY_ID)Example:
CLOUDFLARE_R2_ACCESS_KEY_ID="a1b2c3d4e5f6g7h8i9j0"
CLOUDFLARE_R2_SECRET_ACCESS_KEY
string
required
⚠️ R2 secret access key (same as frontend R2_SECRET_ACCESS_KEY)Example:
CLOUDFLARE_R2_SECRET_ACCESS_KEY="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"

Optional Services

LANGTRACE_API_KEY
string
ℹ️ LangTrace API key for observability and tracingExample:
LANGTRACE_API_KEY="lt_abc123def456"
How to get:
  1. Sign up at langtrace.ai
  2. Create a new project
  3. Copy the API key
Provides detailed observability for AI agent workflows.

Complete Configuration Examples

Frontend (.env.local)

# Database
DATABASE_URL="postgresql://decipher_user:mypassword@localhost:5432/decipher"

# Authentication
BETTER_AUTH_SECRET="a8f5f167f44f4964e6c998dee827110c"
BETTER_AUTH_URL="http://localhost:3000"

# Application URLs
BACKEND_API_URL="http://localhost:8001"
NEXT_PUBLIC_BASE_URL="http://localhost:3000"

# Cloudflare R2 Storage
R2_ENDPOINT="https://1234567890abcdef.r2.cloudflarestorage.com"
R2_ACCESS_KEY_ID="a1b2c3d4e5f6g7h8i9j0"
R2_SECRET_ACCESS_KEY="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
R2_BUCKET_NAME="decipher-files"
R2_PUBLIC_URL="https://files.decipherit.xyz"

Backend (.env)

# Database
DATABASE_URL="postgresql://decipher_user:mypassword@localhost:5432/decipher"

# Bright Data (Web Scraping)
BRIGHT_DATA_API_TOKEN="abc123def456ghi789"
BRIGHT_DATA_BROWSER_AUTH="brd-customer-hl_abc123:def456ghi789"

# AI Services
OPENROUTER_API_KEY="sk-or-v1-abc123def456ghi789"
OPENAI_API_KEY="sk-proj-abc123def456ghi789"
LEMONFOX_API_KEY="lf_abc123def456"

# Vector Database
QDRANT_API_URL="http://localhost:6333"
QDRANT_API_KEY=""

# Cloudflare
CLOUDFLARE_ACCOUNT_ID="1234567890abcdef"
CLOUDFLARE_R2_ACCESS_KEY_ID="a1b2c3d4e5f6g7h8i9j0"
CLOUDFLARE_R2_SECRET_ACCESS_KEY="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"

# Optional: Observability
LANGTRACE_API_KEY="lt_abc123def456"

Docker (.env)

# Authentication
BETTER_AUTH_SECRET="a8f5f167f44f4964e6c998dee827110c"
BETTER_AUTH_URL="http://localhost:3000"
NEXT_PUBLIC_BASE_URL="http://localhost:3000"

# Cloudflare R2 Storage
R2_ENDPOINT="https://1234567890abcdef.r2.cloudflarestorage.com"
R2_ACCESS_KEY_ID="a1b2c3d4e5f6g7h8i9j0"
R2_SECRET_ACCESS_KEY="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
R2_BUCKET_NAME="decipher-files"
R2_PUBLIC_URL="https://files.decipherit.xyz"

# AI Services
BRIGHT_DATA_API_TOKEN="abc123def456ghi789"
BRIGHT_DATA_BROWSER_AUTH="brd-customer-hl_abc123:def456ghi789"
OPENROUTER_API_KEY="sk-or-v1-abc123def456ghi789"
OPENAI_API_KEY="sk-proj-abc123def456ghi789"
LEMONFOX_API_KEY="lf_abc123def456"

# Cloudflare
CLOUDFLARE_ACCOUNT_ID="1234567890abcdef"

# Optional
QDRANT_API_KEY=""
LANGTRACE_API_KEY=""

Security Best Practices

Never commit .env files to version control. Always add them to .gitignore.

Secret Management

  1. Generate Strong Secrets: 
    # Generate a secure random string
openssl rand -base64 32
  2. Use Environment-Specific Values:
    • Development: http://localhost
    • Production: https://yourdomain.com
  3. Rotate Credentials Regularly:
    • Change API keys every 90 days
    • Rotate auth secrets on security incidents
  4. Use Secret Managers in Production:
    • AWS Secrets Manager
    • HashiCorp Vault
    • Google Secret Manager
    • Azure Key Vault

Validation

Validate your environment configuration before deployment: 
# Frontend validation
cd client
pnpm prisma validate

# Backend validation
cd backend
python -c "from dotenv import load_dotenv; load_dotenv(); import os; print('Loaded', len(os.environ), 'variables')"

Troubleshooting

Missing Variables

If you see errors about missing environment variables:
  1. Check the variable name matches exactly (case-sensitive)
  2. Ensure the .env or .env.local file is in the correct directory
  3. Restart the development server after changing variables

Database Connection Fails

Check your DATABASE_URL format: 
# Correct format
postgresql://username:password@host:port/database

# Common mistakes
postgres://...  # Wrong protocol
postgresql://username@host/database  # Missing password
postgresql://username:password@host  # Missing port and database

API Key Errors

If API calls fail:
  1. Verify the API key is valid and active
  2. Check for extra spaces or newlines in the .env file
  3. Ensure you have sufficient credits/quota
  4. Check the service status page

Next Steps

Installation

Complete installation guide

Configuration

Detailed configuration guide

Docker Deployment

Deploy using Docker

Integrations

Set up Bright Data and AI models

Build docs developers (and LLMs) love

Get started for freeTalk to us