Shipflash logoDocs

Configuration

Most configuration comes from environment variables and a few database-backed settings for public site behavior.

On this page

Config groups

GroupWhere it is used
SupabaseAuth, database access, service-role server operations, and generated types.
Site settingsCanonical URLs, brand name, support email, SEO defaults, and public metadata.
BillingProvider selection, enabled models, catalog JSON, provider keys, and webhook secrets.
EmailResend API key, sender domain, sender address, reply-to address, and webhook handling.
CronProtected scheduled routes for publish work, notification outbox delivery, and data retention.
Rate limitsPublic signup, checkout, portal, exports, and other hot paths.

Safe config rules

  • Keep secrets in .env.local or the deployment provider, never in source.
  • Use the canonical env names from .env.example.
  • Keep billing centered on BILLING_CATALOG_JSON, BILLING_PROVIDER, BILLING_ENABLED_MODELS, and BILLING_PRESET.
  • Validate required values close to the boundary where they are used.