SST AWS
Environment variable configuration for SST AWS deployment
This configuration is ideal for enterprise-grade infrastructure with AWS services and compliance requirements. SST provides Infrastructure as Code with AWS Lambda, RDS, S3, and other AWS services.
🚀 Core Application Settings
Variable | Description | Example | Required |
---|---|---|---|
BETTER_AUTH_SECRET | Secret key for Better Auth session encryption | your-32-character-secret-key | ✅ |
BETTER_AUTH_URL | Base URL of your application | https://yourdomain.com | ✅ |
NEXT_PUBLIC_APP_URL | Public URL for client-side usage | https://yourdomain.com | ✅ |
BETTER_AUTH_SECRET is a random string used for encryption and generating hashes. You can generate a 32-character secure key using the following command:
# Generate a 32-character secure key
openssl rand -base64 32
The AWS SST and Next.js core configurations are essentially the same except for the database configuration: the AWS SST deployment has a built-in RDS database connection, so there is no need to configure DATABASE_URL.
If you need to use PostgreSQL or other databases, you need to configure DATABASE_URL and modify the related code. You can refer to the configuration in the Next.js deployment.
📧 Email Configuration
Variable | Description | Example | Required |
---|---|---|---|
RESEND_API_KEY | API key for Resend email service | re_123456789 | ❌ |
RESEND_AUDIENCE_ID | Audience ID for newsletter functionality | aud_123456789 | ❌ |
If you need to enable email/password login functionality that requires email verification, you need to set RESEND_API_KEY. If you need newsletter functionality, you need to set RESEND_AUDIENCE_ID.
If you only enable social media login without transactional emails or newsletter functionality, you don't need to set RESEND_API_KEY and RESEND_AUDIENCE_ID.
For more information about email configuration, see:
Configure email templates and newsletter functionality for user communication.
🔐 OAuth Provider Settings
GitHub OAuth
Variable | Description | Example | Required |
---|---|---|---|
GITHUB_CLIENT_ID | GitHub App Client ID | a629723d24c123456 | ❌ |
GITHUB_CLIENT_SECRET | GitHub App Client Secret | abc123def456ghi789jkl012 | ❌ |
If you need to enable GitHub login functionality, you need to set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET.
Google OAuth
Variable | Description | Example | Required |
---|---|---|---|
GOOGLE_CLIENT_ID | Google OAuth Client ID | 123456789-abc123.apps.googleusercontent.com | ❌ |
GOOGLE_CLIENT_SECRET | Google OAuth Client Secret | GOCSPX-abc123def456ghi789 | ❌ |
If you need to enable Google login functionality, you need to set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.
For more information about OAuth configuration, see:
Authentication
Set up user authentication and authorization with multiple providers like OAuth, and more.
💳 Payment Integration (Stripe)
Variable | Description | Example | Required |
---|---|---|---|
STRIPE_SECRET_KEY | Stripe secret key for server-side operations | sk_test_123... or sk_live_123... | ❌ |
STRIPE_WEBHOOK_SECRET | Webhook endpoint secret for Stripe events | whsec_123456789 | ❌ |
NEXT_PUBLIC_PRICE_ID_PRO_MONTHLY | Stripe price ID for monthly pro plan | price_123456789 | ❌ |
NEXT_PUBLIC_PRICE_ID_PRO_YEARLY | Stripe price ID for yearly pro plan | price_987654321 | ❌ |
NEXT_PUBLIC_PRICE_ID_LIFETIME | Stripe price ID for lifetime plan | price_555666777 | ❌ |
For more information about payment configuration, see:
Payment
Integrate Stripe for handling payments and subscriptions with flexible pricing plans.
📁 Storage Configuration
Variable | Description | Example | Required |
---|---|---|---|
NEXT_PUBLIC_AVATARS_BUCKET_NAME | S3 bucket name for avatar uploads | my-app-avatars | ❌ |
AWS SST's S3 doesn't require environment variable configuration; it directly uses the AWS S3 service created in SST.
For more information about storage configuration, see:
Storage
Set up file storage solutions for your application assets and user uploads.
📊 Analytics Configuration
Variable | Description | Example | Required |
---|---|---|---|
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID | Google Analytics website ID | G-xxx | ❌ |
NEXT_PUBLIC_UMAMI_WEBSITE_ID | Umami Analytics website ID | xxx | ❌ |
NEXT_PUBLIC_UMAMI_SCRIPT_URL | Umami Analytics script URL | https://xxx.js | ❌ |
NEXT_PUBLIC_PLAUSIBLE_DOMAIN | Plausible Analytics domain | xxx | ❌ |
NEXT_PUBLIC_PLAUSIBLE_SCRIPT_URL | Plausible Analytics script URL | https://xxx.js | ❌ |
For more information about analytics configuration, see:
Analytics
Track user behavior and application performance with integrated analytics solutions.
💰 Affiliate Marketing Configuration
Variable | Description | Example | Required |
---|---|---|---|
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID | Affonso affiliate ID | xxx | ❌ |
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID is the Affonso affiliate ID used to track affiliate performance.
For more information about affiliate configuration, see:
Affiliate
Integrate Affonso to handle affiliate performance tracking.
Cloudflare DNS Configuration
Variable | Description | Example | Required |
---|---|---|---|
CLOUDFLARE_API_TOKEN | Cloudflare API token | xxx | ❌ |
CLOUDFLARE_DEFAULT_ACCOUNT_ID | Cloudflare account ID | xxx | ❌ |
If you use Cloudflare's DNS service, you need to configure CLOUDFLARE_API_TOKEN and CLOUDFLARE_DEFAULT_ACCOUNT_ID.
If you use AWS's Route 53 service, you don't need to configure CLOUDFLARE_API_TOKEN and CLOUDFLARE_DEFAULT_ACCOUNT_ID. You only need to configure the domain in sst.config.ts.
📝 .env File Example
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
BETTER_AUTH_SECRET=
BETTER_AUTH_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=http://localhost:3000
# ---------Email----------
RESEND_API_KEY=
RESEND_AUDIENCE_ID=
# ---------Auth----------
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# ---------Payment----------
STRIPE_SECRET_KEY=sk_test_
STRIPE_WEBHOOK_SECRET=whsec_
NEXT_PUBLIC_PRICE_ID_PRO_MONTHLY=price_
NEXT_PUBLIC_PRICE_ID_PRO_YEARLY=price_
NEXT_PUBLIC_PRICE_ID_LIFETIME=price_
# ---------Analytics----------
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID=G-xxx
# Umami Analytics
NEXT_PUBLIC_UMAMI_WEBSITE_ID=
NEXT_PUBLIC_UMAMI_SCRIPT_URL=
# Plausible Analytics
NEXT_PUBLIC_PLAUSIBLE_DOMAIN=
NEXT_PUBLIC_PLAUSIBLE_SCRIPT_URL=
# ---------Affiliate----------
NEXT_PUBLIC_AFFILIATE_AFFONSO_ID=
# Optional for Cloudflare DNS
CLOUDFLARE_API_TOKEN=
CLOUDFLARE_DEFAULT_ACCOUNT_ID=
🛠️ Development vs Production Environment
Development Environment
- Use http://localhost:3000 for local URLs
- Use Stripe test keys (starting with sk_test_)
- OAuth redirect URIs should point to localhost
Production Environment
- Use your actual domain for all URLs
- Use Stripe live keys (starting with sk_live_)
- Configure OAuth providers with production redirect URIs
- Ensure all secrets are properly secured and rotated regularly
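The rules above can be checked mechanically before a deploy. The script below is an added example, not part of the original documentation or the project's code: it validates a parsed .env for the required variables, the paired OAuth and Cloudflare values, and the development versus production rules for URLs and Stripe keys. The helper names parseEnv and checkEnv and the sample values are assumptions.

```javascript
// Added example; parseEnv/checkEnv are hypothetical helpers, names come from the tables above.
const REQUIRED = ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL", "NEXT_PUBLIC_APP_URL"];
const PAIRS = [ // each provider needs both values or neither
  ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"],
  ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
  ["CLOUDFLARE_API_TOKEN", "CLOUDFLARE_DEFAULT_ACCOUNT_ID"],
];

// Parse KEY=VALUE lines; a line without "=" is recorded as undefined.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) env[line] = undefined;
    else env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Return a list of problems for stage "development" or "production".
function checkEnv(env, stage) {
  const problems = [];
  const set = (k) => typeof env[k] === "string" && env[k] !== "";
  for (const k of Object.keys(env))
    if (env[k] === undefined) problems.push(`${k}: line has no "="`);
  for (const k of REQUIRED) if (!set(k)) problems.push(`${k}: required but empty`);
  if (set("BETTER_AUTH_SECRET") && env.BETTER_AUTH_SECRET.length < 32)
    problems.push("BETTER_AUTH_SECRET: shorter than 32 characters");
  for (const [a, b] of PAIRS)
    if (set(a) !== set(b)) problems.push(`${a}/${b}: set both or neither`);
  const prod = stage === "production";
  for (const k of ["BETTER_AUTH_URL", "NEXT_PUBLIC_APP_URL"])
    if (prod && set(k) && /\/\/(localhost|127\.0\.0\.1)/.test(env[k]))
      problems.push(`${k}: localhost URL in production`);
  const want = prod ? "sk_live_" : "sk_test_";
  if (set("STRIPE_SECRET_KEY") && !env.STRIPE_SECRET_KEY.startsWith(want))
    problems.push(`STRIPE_SECRET_KEY: expected a ${want} key for ${stage}`);
  return problems;
}
// Constructed sample input (placeholder values, not real credentials).
const SAMPLE = `BETTER_AUTH_SECRET=short
BETTER_AUTH_URL=http://localhost:3000
NEXT_PUBLIC_APP_URL=https://yourdomain.com
GOOGLE_CLIENT_ID=constructed-id
GOOGLE_CLIENT_SECRET
STRIPE_SECRET_KEY=sk_test_constructed`;
console.log(checkEnv(parseEnv(SAMPLE), "production"));
```

Run it with the stage you are about to deploy; an empty list means the file satisfies every rule checked here.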
Secret Management
You can use the sst secret command to manage production environment secrets.
npx sst secret set BETTER_AUTH_SECRET xxx
npx sst secret set STRIPE_SECRET_KEY xxx
npx sst secret set RESEND_API_KEY xxx