Configuration

Launchway follows the 12-factor app (opens in a new tab) principles which, regards to configurations, means that it's driven entirely by environment variables. Enabling or disabling certain features like caching or storage, as well as changing the underlying providers, is all driven by the presence or absence of specific named environment variables.

Most of this happens in the app/config/features.server.ts file. This uses Zod schemas to read your .env on startup and determine if you have emails, caching, and storage enabled as well as which underlying provider to use for each.

Managing configuration

All sensitive secrets (think database URLs, Stripe API key, OAuth client IDs/secrets) should be stored as environment variables and never in the code. As well as this, other non-secret configurations like the app name, URL, and cookie domain are driven by environment variables. This allows you to have different configurations depending on if you're running in a local or production environment.

There are some essential environment variables that are necessary for your app to run

  • NODE_ENV - used to determine various features
  • DATABASE_URL - can be a remote or local Postgres instance or SQLite file
  • SESSION_SECRET - used to sign the session cookie. More info on that here
  • APP_URL - the URL of your app. Required for emails and Stripe links
  • APP_NAME - the name of your app
  • COOKIE_DOMAIN - the cookie domain for sessions. This will be localhost in local environments and your app's real domain for production environments
  • STRIPE_SECRET_KEY - your Stripe secret key
  • STRIPE_WEBHOOK_SECRET - your Stripe webhooks secret

Documentation for certain features or areas of the app will always list relevant environment variables with an alert like the one you see below

Relevant environment variables

Validation

All environment variables are parsed on startup using a Zod schema, ensuring that all necessary and optional variables exist and or are in the correct format (number, string etc). This happens in app/utils/env.server.ts.

Client-side environment variables

By default, all environment variables are only present in the server-side part of your app (i.e. not in client-side React components). Some values are non-sensitive and are safe to expose to the client-side part of your code. For this, there's a helper method getPublicClientSideEnvVars() that makes specific named values available to the client on initial load. By default, there are only three environment variables made public

  • PUBLIC_SENTRY_DSN
  • NODE_ENV
  • APP_NAME
⚠️

You should be extremely cautious about which variables to expose here. If you accidentally expose your Stripe key or database credentials, for example, a malicious user could cause serious damage to your system.

Getting startedOverview