Environment Setup
Copy .env.example to .env in the project root, then set the variables below. The app validates env at build and runtime via src/env.ts; invalid or missing required vars will cause errors.
For Docker or CI builds where not all vars are available at build time, set SKIP_ENV_VALIDATION=1 to skip validation.
Payload & database
| Variable | Required | Description |
|---|---|---|
PAYLOAD_SECRET | Yes | Secret used for signing; must be set and kept private |
DATABASE_PUBLIC_URI | Yes | MongoDB (or DB) connection string for general use |
DATABASE_PRIVATE_URI | Yes | Private / server-side connection string |
DATABASE_NAME | No | Database name (Payload can use default if omitted) |
PREVIEW_SECRET | No | Optional secret for draft preview |
Auth (Better Auth)
| Variable | Required | Description |
|---|---|---|
BETTER_AUTH_URL | No | Base URL of your app (e.g. https://yoursite.com) |
GOOGLE_CLIENT_ID | No | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | No | Google OAuth client secret |
Stripe
| Variable | Required | Description |
|---|---|---|
STRIPE_SECRET_KEY | Yes | Stripe secret key (when Stripe plugin is enabled) |
STRIPE_WEBHOOKS_ENDPOINT_SECRET | Yes | Webhook signing secret for your Stripe endpoint |
S3 (optional)
When all of these are set, the S3 storage adapter is used for media uploads.
| Variable | Required | Description |
|---|---|---|
S3_BUCKET | No | S3 bucket name |
S3_ACCESS_KEY_ID | No | Access key |
S3_SECRET_ACCESS_KEY | No | Secret key |
S3_REGION | No | AWS region |
S3_PREFIX_ROOTFOLDER | No | Optional path prefix in the bucket |
| Variable | Required | Description |
|---|---|---|
EMAIL_ADAPTER | Yes | resend (Resend REST API) or smtp (Nodemailer). Use resend on Railway (no SMTP egress). |
RESEND_API_KEY | When resend | Required if EMAIL_ADAPTER=resend. Optional for smtp (used as SMTP password with Resend SMTP). |
EMAIL_FROM | No | Default “from” address |
EMAIL_FROM_NAME | No | Default “from” name |
EMAIL_SMTP_HOST | No | SMTP host (default: smtp.resend.com) — only for smtp |
EMAIL_SMTP_PORT | No | SMTP port (default: 465) — only for smtp |
EMAIL_SMTP_USER | No | SMTP user (default: resend) — only for smtp |
EMAIL_SMTP_PASS | No | SMTP password — only for smtp |
See Email for full setup (Resend API vs SMTP, Railway).
Client-side (optional)
These are exposed to the browser; only set what you need.
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_SERVER_URL | No | Public URL of the server |
NEXT_PUBLIC_BETTER_AUTH_URL | No | Auth base URL for the client |
NEXT_PUBLIC_GOOGLE_CLIENT_ID | No | Google client ID for OAuth |
NEXT_PUBLIC_GA_ID | No | Google Analytics ID |
Ingest & jobs
| Variable | Required | Description |
|---|---|---|
IMPORT_MAX_FILE_SIZE_MB | No | Cap on import upload/URL fetch size. Default 100. Peak memory ≈ 2–3× file size — confirm box RAM before raising. |
PAYLOAD_JOB_AUTORUN_CRON | No | Cron expression for the in-process job runner (long-lived Node, e.g. Railway). |
CRON_SECRET | No | Bearer token expected by Authorization on the jobs run API. Required for serverless cron (Vercel). |
AI generation (optional)
| Variable | Required | Description |
|---|---|---|
REPLICATE_API_TOKEN | When using generateAI | Replicate API token for the generation pipeline. See Features → AI Generation. |
CLI (operator machine)
The shipmore CLI reads these from the operator’s environment, not the deployed box:
| Variable | Required | Description |
|---|---|---|
SHIPMORE_API_URL | Yes | Base URL of the deployed ShipMore box (e.g. https://your-box.com). Falls back to ~/.shipmore/config baked by the installer. |
SHIPMORE_API_KEY | Yes | A Payload user API key (Admin → Users → API Key). Read from env only — never written to disk. |