Skip to content

docs: clarify safe local env setup #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
b1rdmania wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: clarify safe local env setup #133

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 25 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,21 @@ Website: [mikeoss.com](https://mikeoss.com)
- At least one supported model provider API key: Anthropic, Google Gemini, or OpenAI
- LibreOffice installed locally if you need DOC/DOCX to PDF conversion

## Safe Local Testing

Mike handles legal documents, model-provider keys, Supabase credentials, and
object storage. For a first local run, use disposable infrastructure and
synthetic documents only:

- create a throwaway Supabase project
- create a throwaway R2 / S3-compatible bucket
- use capped or disposable model-provider API keys
- upload synthetic or public sample documents, not client, privileged, firm, or
confidential material

See [`docs/safe-local-testing.md`](docs/safe-local-testing.md) before testing
with anything sensitive.

## Database Setup

For a new Supabase database, open the Supabase SQL editor and run:
Expand Down Expand Up @@ -64,15 +79,23 @@ RESEND_API_KEY=your-resend-key
USER_API_KEYS_ENCRYPTION_SECRET=your-long-random-secret
```

Create `frontend/.env.local`:
Create `frontend/.env.local`.

Browser-safe public variables:

```bash
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY=your-supabase-anon-key
SUPABASE_SECRET_KEY=your-supabase-service-role-key
NEXT_PUBLIC_API_BASE_URL=http://localhost:3001
```

Server-side Next.js runtime variables:

```bash
# Server-side only. Never prefix this with NEXT_PUBLIC_.
SUPABASE_SECRET_KEY=your-supabase-service-role-key
```

Supabase values come from the project dashboard. Use the project URL for `SUPABASE_URL` / `NEXT_PUBLIC_SUPABASE_URL`, the service role key for `SUPABASE_SECRET_KEY`, and the anon/public key for `NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY`. If your Supabase project shows multiple key formats, use the legacy JWT-style anon and service role keys expected by the Supabase client libraries.

Provider keys are only needed for the models and email features you plan to use. Model provider keys can be configured in `backend/.env` for the whole instance, or per user in **Account > Models & API Keys**. If a provider key is present in `backend/.env`, that provider is available by default and the matching browser API key field is read-only.
Expand Down
4 changes: 3 additions & 1 deletion frontend/.env.local.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY=your-supabase-anon-key
SUPABASE_SECRET_KEY=your-supabase-service-role-key
NEXT_PUBLIC_API_BASE_URL=http://localhost:3001

# Server-side Next.js runtime only. Do not expose this as NEXT_PUBLIC_*.
SUPABASE_SECRET_KEY=your-supabase-service-role-key