Skip to Content
🎉 TestoQA 1.0 is released
Developer GuideGetting StartedEnvironment Configuration

Environment & Configuration

TestoQA uses environment variables for configuration, following standard Next.js conventions.

How config is loaded

In local development, we typically use:

  • .env.local for developer-specific values
  • .env.example as the canonical template

Rule: do not commit secrets. Only commit .env.example.

Environment files

  • .env.example → canonical reference
  • .env → local development values

Create your local env file

cp .env.example .env.local

If you’re on Windows, copy via Explorer or: copy .env.example .env.local

Required variables

Authentication

TestoQA uses Auth.js (NextAuth v5).

You must define:

  • AUTH_SECRET — session signing secret
  • AUTH_URL — base URL (usually http://localhost:3000)

Generate a secure secret:

openssl rand -base64 32

(Windows users can use https://generate-secret.vercel.app/32 )

💡 Generate a secure AUTH_SECRET using:* macOS/Linux: openssl rand -base64 32* Windows: Use this generator 

Database

  • DATABASE_URL

Example:

postgresql://postgres:postgres@localhost:5432/testoqa

Configuration rules

  • Restart the dev server after changing env vars
  • Never commit .env
  • All tenant isolation is enforced at the application layer
  • Every tenant-scoped entity must include a projectId

App

  • NEXT_PUBLIC_APP_URL — base URL (e.g. http://localhost:3000)
  • NODE_ENV — usually development

Database

  • DATABASE_URL — Postgres connection string Example: postgresql://postgres:postgres@localhost:5432/app_dev

Auth (if using OAuth/SSO)

  • AUTH_SECRET (or NEXTAUTH_SECRET) — session signing secret
  • AUTH_URL (or NEXTAUTH_URL) — callback base URL
  • Provider credentials (e.g. GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET)

Cache / queues (if used)

  • REDIS_URL — e.g. redis://localhost:6379

Email / notifications (if used)

  • SMTP variables or provider API key

File storage (if used)

  • S3 bucket settings or local emulator settings

Feature flags (if used)

Feature flags should be documented with:

  • purpose
  • default
  • safe rollout notes

Example pattern:

  • FEATURE_X_ENABLED=false

Per-environment rules

Local dev

  • Use .env.local
  • Use local Docker services
  • Use dev OAuth credentials (never prod)

Staging / Production

  • Environment variables should come from the platform (Vercel, Docker, K8s, etc.)
  • Secrets should come from a secrets manager (or platform secret store)
  • “Public” variables must be prefixed with NEXT_PUBLIC_ (Next.js rule)

Quick validation

If the app has a config check script, run it (preferred):

pnpm config:check
Last updated on
Local SetupFirst Run