Appearance
Environment Variables & Secrets
WARNING
This page lists variable names and purposes only — never commit actual values. Frontend values live in .env.local; edge-function secrets are configured in the Supabase dashboard (Functions → Secrets) and read via Deno.env.get().
Frontend (.env.local, Vite — VITE_*)
Injected at build time into the SPA. Only public, non-secret values belong here (the Supabase anon key is safe; the service-role key is not and must never appear in src/).
| Variable | Purpose |
|---|---|
VITE_SUPABASE_URL | Supabase project URL (REST/RPC/Functions base). |
VITE_SUPABASE_ANON_KEY | Public anon key for the browser client (src/lib/supabaseClient.js). |
Confirm the exact
VITE_*names against.env.localandsrc/lib/supabaseClient.js; add any others in use (analytics, public Cloudflare hashes already live inconfig/cloudflareConfig.js).
Edge function secrets (Supabase Functions → Secrets)
Read in EFs via Deno.env.get('NAME'). Never logged, never returned in responses.
| Variable | Used by | Purpose |
|---|---|---|
SUPABASE_URL / SUPABASE_SERVICE_ROLE_KEY / SUPABASE_ANON_KEY | all EFs (_shared/auth.ts) | Service-role client for writes; anon client for JWT verification. |
CLOUDFLARE_ACCOUNT_ID | finfluencify-get-video-upload-url, image upload | Cloudflare account for Stream/Images API. |
CLOUDFLARE_STREAM_API_TOKEN | video upload / delete | Cloudflare Stream API token (Stream: Edit). |
CLOUDFLARE_STREAM_WEBHOOK_SECRET | finfluencify-stream-webhook | HMAC secret to verify Stream webhook signatures. |
SHOONYA_API_KEY / SHOONYA_API_USER_ID / SHOONYA_API_PASSWORD | NSE market-data fetchers | Broker API auth for live indices/contributors. |
| Razorpay keys | payout / linked-account EFs | Razorpay API for trainer payouts (see Razorpay). |
This table is hand-maintained. When you add an EF that reads a new secret, add the row here and document it on the EF's page. Cross-check against
Deno.env.get(usages acrosssupabase/functions/.