LaunchKit Environment Variables: The Complete Setup Guide

Why Environment Variables Matter

Environment variables are the bridge between your code and the services it depends on. Get them wrong and nothing works. Get them right and your app connects to Supabase, processes Stripe payments, and sends emails without a single hardcoded secret in your codebase.

This guide walks through every environment variable LaunchKit needs, where to get each credential, and the mistakes that waste hours of debugging time.

The Complete Variable Reference

LaunchKit uses 10 environment variables across 4 services. Here's the full list with their purposes:

# Supabase - Authentication & Database
NEXT_PUBLIC_SUPABASE_URL=https://xxxxx.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGc...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGc...

# Stripe - Payments
STRIPE_SECRET_KEY=sk_live_...
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...

# Resend - Transactional Email
RESEND_API_KEY=re_...

# Application
ADMIN_EMAILS=you@example.com,cofounder@example.com

# Analytics (Optional)
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID=G-XXXXXXXXXX
NEXT_PUBLIC_PLAUSIBLE_DOMAIN=yourdomain.com

Supabase Credentials

Where to find them

Log into supabase.com/dashboard, select your project, then navigate to Project Settings → API.

• Project URL: Your NEXT_PUBLIC_SUPABASE_URL. Looks like https://abcdefghij.supabase.co
• anon (public) key: Your NEXT_PUBLIC_SUPABASE_ANON_KEY. Safe to expose in the browser—RLS policies protect your data.
• service_role key: Your SUPABASE_SERVICE_ROLE_KEY. Never expose this client-side. It bypasses RLS.

The NEXT_PUBLIC_ prefix

Variables starting with NEXT_PUBLIC_ are bundled into your client-side JavaScript. Everyone can see them in the browser. That's fine for the URL and anon key—Supabase designed them to be public.

The service role key has no prefix. It only exists on the server and should stay that way.

Stripe Credentials

Where to find them

In your Stripe Dashboard → Developers → API keys:

• Publishable key: Starts with pk_test_ or pk_live_. Goes in NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY.
• Secret key: Starts with sk_test_ or sk_live_. Goes in STRIPE_SECRET_KEY.

Webhook secret

The STRIPE_WEBHOOK_SECRET comes from creating a webhook endpoint. Go to Developers → Webhooks, add an endpoint pointing to https://yourdomain.com/api/webhook/stripe, and copy the signing secret (starts with whsec_).

For local development, use the Stripe CLI:

stripe listen --forward-to localhost:3000/api/webhook/stripe

The CLI prints a local webhook secret you can use in development.

Resend API Key

Where to find it

Sign up at resend.com, then go to API Keys in the sidebar. Create a new key with "Sending access" permission and copy it.

Resend's free tier includes 3,000 emails/month—plenty for launching and validating your SaaS.

Domain verification

Before going live, verify your sending domain in Resend by adding the DNS records they provide. Until then, you can only send to your own email address.

Admin Emails

ADMIN_EMAILS is a comma-separated list of email addresses that receive admin notifications (new signups, purchases, etc.).

ADMIN_EMAILS=founder@yourdomain.com,cofounder@yourdomain.com

No spaces between addresses. Just commas.

Analytics (Optional)

LaunchKit supports both Google Analytics and Plausible. You only need one (or neither for MVP launches).

• Google Analytics: Create a GA4 property and copy the Measurement ID (G-XXXXXXXXXX).
• Plausible: Sign up at plausible.io and add your domain. Use that domain as NEXT_PUBLIC_PLAUSIBLE_DOMAIN.

Local vs Production Setup

Development

Create .env.local in your project root. This file is gitignored by default—your secrets stay on your machine.

# Copy .env.example to .env.local
cp .env.example .env.local

# Then fill in your values
nano .env.local

Production (Vercel)

In Vercel, go to your project → Settings → Environment Variables. Add each variable for the Production environment. Vercel encrypts them at rest and injects them at build time.

Pro tip: Use different Supabase projects and Stripe test/live mode keys for development vs production. Never use production credentials locally.

Common Gotchas

• Forgetting to restart the dev server: Next.js only reads .env.local at startup. After changing variables, restart with npm run dev.
• Mixing test and live Stripe keys: If your publishable key is pk_test_ but your secret is sk_live_, payments will fail cryptically.
• Exposing SUPABASE_SERVICE_ROLE_KEY: If you accidentally prefix it with NEXT_PUBLIC_, anyone can bypass your RLS policies. Triple-check this one.
• Wrong webhook secret: If Stripe events aren't being processed, the signing secret is usually the culprit. Make sure it matches the endpoint in your Stripe dashboard.
• Trailing whitespace: Some editors add invisible spaces. If a variable "should work but doesn't," check for whitespace at the end.

Debugging Tips

When something isn't connecting, here's how to isolate the problem:

// Add this temporarily to any API route
console.log('SUPABASE_URL:', process.env.NEXT_PUBLIC_SUPABASE_URL);
console.log('STRIPE_KEY exists:', !!process.env.STRIPE_SECRET_KEY);

// Never log the actual secret values—just check if they exist

If a variable is undefined, check the file name (.env.local, not .env), restart the dev server, and verify there are no typos in the variable name.

Quick Checklist

Before you go live, verify:

• ☐ All 10 variables are set in Vercel's Production environment
• ☐ Stripe keys are live mode (sk_live_, pk_live_)
• ☐ Webhook endpoint is created in Stripe for your production URL
• ☐ Supabase redirect URLs include your production domain
• ☐ Resend domain is verified for your sending address
• ☐ ADMIN_EMAILS includes your real email