Skip to content

Configuration

Environment configuration, secrets management, and OAuth setup.

Key Principle

Remote environment secrets are managed exclusively via CI/CD.

Environment Secret Storage Managed By
Local .env.local Developer
Staging GitHub Secrets CI/CD (deploy-staging.yml)
Production GitHub Secrets CI/CD (deploy-production.yml)
Preview GitHub Secrets CI/CD (pr-checks.yml)

Guides

Multi-Environment Configuration

Complete reference including: - Environment architecture - Configuration files - Environment variables - GitHub Secrets setup - Supabase Dashboard settings

Secrets Management

How secrets flow through the system: - Local development setup - GitHub Secrets configuration - CI/CD secret injection - Security best practices - Secret rotation

OAuth Setup

OAuth provider configuration: - Production OAuth apps (Supabase Dashboard) - Local development OAuth apps - Callback URL configuration

OAuth Provider Setup

Detailed setup for each OAuth provider (GitHub, Google).

Quick Reference

Files

File Committed Purpose
.env.local.example Yes Template for local development
.env.local No Actual local secrets
supabase/config.toml Yes Supabase local config

GitHub Secrets Required

Secret Purpose
SUPABASE_ACCESS_TOKEN CLI authentication
SUPABASE_PROJECT_ID Project reference ID
SUPABASE_PUBLISHABLE_KEY API authentication
SERVICE_AUTH_SECRET_PRODUCTION Production service auth
SERVICE_AUTH_SECRET_STAGING Staging service auth

Setup Commands

# Local development
cp .env.local.example .env.local
supabase start
deno task dev

# Generate secure secret
openssl rand -base64 32

# Verify remote secrets (after deployment)
supabase secrets list                  # production
supabase secrets list --branch develop # staging