Environment Variables

All configuration is managed through environment variables in the .env file.

Required Variables

Variable	Description	Example
DATABASE_URL	PostgreSQL connection string	postgresql://user:pass@localhost:5432/workforce?schema=public
NEXTAUTH_SECRET	Session encryption key (32+ chars)	a1b2c3d4... (use crypto.randomBytes)
NEXTAUTH_URL	Base URL of the application	https://workforce.example.com

Optional Variables

Server

Variable	Default	Description
PORT	3000	HTTP port
NODE_ENV	development	development, production, or test

Database

Variable	Default	Description
DATABASE_URL	—	Primary database connection
DIRECT_URL	—	Direct database connection (bypasses connection pooler)

Authentication

Variable	Default	Description
NEXTAUTH_SECRET	—	JWT/session secret
NEXTAUTH_URL	—	Canonical URL

File Uploads

Variable	Default	Description
UPLOAD_DIR	./upload	Directory for file uploads
MAX_FILE_SIZE	10485760	Maximum upload size in bytes (10 MB)

Email (Optional)

Variable	Default	Description
SMTP_HOST	—	SMTP server hostname
SMTP_PORT	587	SMTP port
SMTP_USER	—	SMTP username
SMTP_PASS	—	SMTP password
SMTP_FROM	—	Sender email address

Environment-Specific Configuration

Development

NODE_ENV=development
DATABASE_URL="postgresql://workforce:dev_password@localhost:5432/workforce_dev?schema=public"
NEXTAUTH_SECRET="dev-secret-not-for-production"
NEXTAUTH_URL="http://localhost:3000"

Production

NODE_ENV=production
DATABASE_URL="postgresql://workforce:strong_password@db-host:5432/workforce?schema=public&sslmode=require"
NEXTAUTH_SECRET="your-64-char-cryptographically-random-string"
NEXTAUTH_URL="https://workforce.example.com"

Generating Secrets

# Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

# PowerShell
[System.Convert]::ToBase64String((1..32 | ForEach-Object { Get-Random -Maximum 256 }) -as [byte[]])

# OpenSSL
openssl rand -hex 32

caution

Never commit .env files to version control. The .gitignore file should include .env.