Configuration
Launchway follows the 12-factor app (opens in a new tab) principles which, regards to configurations, means that it's driven entirely by environment variables. Enabling or disabling certain features like caching or storage, as well as changing the underlying providers, is all driven by the presence or absence of specific named environment variables.
Most of this happens in the app/config/features.server.ts
file. This uses Zod schemas to read your .env
on startup and determine if you have emails, caching, and storage enabled as well as which underlying provider to use for each.
Managing configuration
All sensitive secrets (think database URLs, Stripe API key, OAuth client IDs/secrets) should be stored as environment variables and never in the code. As well as this, other non-secret configurations like the app name, URL, and cookie domain are driven by environment variables. This allows you to have different configurations depending on if you're running in a local or production environment.
There are some essential environment variables that are necessary for your app to run
NODE_ENV
- used to determine various featuresDATABASE_URL
- can be a remote or local Postgres instance or SQLite fileSESSION_SECRET
- used to sign the session cookie. More info on that hereAPP_URL
- the URL of your app. Required for emails and Stripe linksAPP_NAME
- the name of your appCOOKIE_DOMAIN
- the cookie domain for sessions. This will belocalhost
in local environments and your app's real domain for production environmentsSTRIPE_SECRET_KEY
- your Stripe secret keySTRIPE_WEBHOOK_SECRET
- your Stripe webhooks secret
Documentation for certain features or areas of the app will always list relevant environment variables with an alert like the one you see below
Validation
All environment variables are parsed on startup using a Zod schema, ensuring that all necessary and optional variables exist and or are in the correct format (number, string etc). This happens in app/utils/env.server.ts
.
Client-side environment variables
By default, all environment variables are only present in the server-side part of your app (i.e. not in client-side React components). Some values are non-sensitive and are safe to expose to the client-side part of your code. For this, there's a helper method getPublicClientSideEnvVars()
that makes specific named values available to the client on initial load. By default, there are only three environment variables made public
PUBLIC_SENTRY_DSN
NODE_ENV
APP_NAME
You should be extremely cautious about which variables to expose here. If you accidentally expose your Stripe key or database credentials, for example, a malicious user could cause serious damage to your system.