# ─── Application ──────────────────────────────────────────────────── # TMDB API (server-side only — never NEXT_PUBLIC_) TMDB_API_KEY=your_tmdb_api_key_here # Supabase (public — browser client) NEXT_PUBLIC_SUPABASE_URL=http://localhost:8000 NEXT_PUBLIC_SUPABASE_ANON_KEY=your_anon_key_here # Supabase (server-side — internal Docker network) SUPABASE_INTERNAL_URL=http://supabase-kong:8000 SUPABASE_SERVICE_ROLE_KEY=your_service_role_key_here # Master Admin MASTER_ADMIN_USERNAME=admin MASTER_ADMIN_TOTP_SECRET=your_base32_totp_secret_here # Session encryption (32+ characters) IRON_SESSION_SECRET=this_must_be_at_least_32_characters_long # Sentry (optional) NEXT_PUBLIC_SENTRY_DSN= # ─── Supabase Infrastructure ─────────────────────────────────────── # IMPORTANT: Replace ALL defaults before first docker compose up. # ANON_KEY and SERVICE_ROLE_KEY must be regenerated from JWT_SECRET. JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password ANON_KEY=your_anon_key_here SERVICE_ROLE_KEY=your_service_role_key_here # Studio credentials (dev only — Studio bound to 127.0.0.1) DASHBOARD_USERNAME=supabase DASHBOARD_PASSWORD=this_password_is_insecure_and_should_be_updated # Realtime secret (generate a 64+ char random string) REALTIME_SECRET_KEY_BASE=please-generate-a-64-char-secret-key-base-for-realtime-service!! # ─── Caddy / Domain ──────────────────────────────────────────────── DOMAIN=localhost TLS_EMAIL=admin@example.com # ─── Postgres (optional overrides) ───────────────────────────────── POSTGRES_USER=supabase_admin POSTGRES_DB=supabase # Site URL (for GoTrue redirects) SITE_URL=http://localhost:3000