Environment variables - TuPerfil.net

TuPerfil.net requires three environment variables to connect to Supabase and one for email delivery via Resend. All variables must be present at both build time and runtime.

Copy the example file

The repository ships with an .env.example file. Copy it to .env.local before running npm run dev:

cp .env.example .env.local

Then open .env.local and fill in the values described below.

Required variables

`NEXT_PUBLIC_SUPABASE_URL`

The base URL of your Supabase project. Every API call, storage request, and real-time subscription is sent to this address.


Where to find it	Supabase Dashboard → Settings → API → Project URL
Example	`https://abcdefghijklmnop.supabase.co`
Exposed to browser	Yes — this value is public

Because this variable starts with NEXT_PUBLIC_, Next.js bundles it into the client-side JavaScript. It is safe to expose; it is not a secret.

`NEXT_PUBLIC_SUPABASE_ANON_KEY`

The anonymous (public) API key for your project. Row Level Security policies in Supabase govern what anonymous and authenticated users can read or write, so this key is safe to ship in the browser bundle.


Where to find it	Supabase Dashboard → Settings → API → Project API keys → `anon public`
Example	`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...`
Exposed to browser	Yes — this value is public

This key is a signed JWT that identifies your project. It does not grant elevated access on its own — all data access is still governed by RLS policies.

`SUPABASE_SERVICE_ROLE_KEY`

The service role key bypasses every Row Level Security policy and grants full read/write access to your database, including the auth.users table. It is used only in server-side code via createAdminClient() in src/lib/supabase/admin.ts.


Where to find it	Supabase Dashboard → Settings → API → Project API keys → `service_role secret`
Example	`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...`
Exposed to browser	No — never expose this key

Never use SUPABASE_SERVICE_ROLE_KEY in client-side code or in any variable prefixed with NEXT_PUBLIC_. Leaking this key gives anyone unrestricted access to your entire database.

`RESEND_API_KEY`

The API key for Resend, used to send newsletter emails to subscribers. This variable is consumed server-side only (API routes and Server Actions).


Where to find it	Resend Dashboard → API Keys → Create API key
Example	`re_123abc456def...`
Exposed to browser	No

If you do not use the newsletter feature, you can leave this variable empty. The newsletter subscription API route will return an error, but the rest of the site will work normally.

Complete `.env.local` example

.env.local

# Supabase — find all three in Dashboard > Settings > API
NEXT_PUBLIC_SUPABASE_URL=https://abcdefghijklmnop.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# Resend — find in Resend Dashboard > API Keys
RESEND_API_KEY=re_123abc456def...

How the variables are used in code

The project has three Supabase client helpers, each using different variables:

// Browser client — uses public variables only
export function createClient() {
  return createBrowserClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
  );
}

Optional variables

These variables are not in .env.example but are read by the server if present. Set them in Vercel or in .env.local as needed.

`ADMIN_EMAIL`

The email address that receives contact form notifications. If not set, messages are saved to the database but no notification email is sent.


Example	`redaccion@tuperfil.net`
Exposed to browser	No

`RESEND_FROM_EMAIL`

The sender address used for all outgoing emails (contact notifications and newsletter). Defaults to TuPerfil.net <noticias@tuperfil.net> if not set.


Example	`TuPerfil.net <noticias@tuperfil.net>`
Exposed to browser	No

`NEWSLETTER_SECRET`

HMAC secret used to sign unsubscribe tokens in newsletter emails. If not set, the code falls back to SUPABASE_SERVICE_ROLE_KEY. Set this to a random string in production for extra security.


Example	`a-long-random-string-here`
Exposed to browser	No

Variable checklist

Variable	Required	Public	Purpose
`NEXT_PUBLIC_SUPABASE_URL`	Yes	Yes	Supabase project endpoint
`NEXT_PUBLIC_SUPABASE_ANON_KEY`	Yes	Yes	Anon/public API access
`SUPABASE_SERVICE_ROLE_KEY`	Yes	No	Admin API access (server only)
`RESEND_API_KEY`	For email	No	Newsletter and contact email delivery
`ADMIN_EMAIL`	For email	No	Recipient of contact form notifications
`RESEND_FROM_EMAIL`	No	No	Sender address for outgoing emails
`NEWSLETTER_SECRET`	No	No	HMAC secret for unsubscribe tokens

Documentation Index

​Copy the example file

​Required variables

​NEXT_PUBLIC_SUPABASE_URL

​NEXT_PUBLIC_SUPABASE_ANON_KEY

​SUPABASE_SERVICE_ROLE_KEY

​RESEND_API_KEY

​Complete .env.local example

​How the variables are used in code

​Optional variables

​ADMIN_EMAIL

​RESEND_FROM_EMAIL

​NEWSLETTER_SECRET

​Variable checklist

Copy the example file

Required variables

`NEXT_PUBLIC_SUPABASE_URL`

`NEXT_PUBLIC_SUPABASE_ANON_KEY`

`SUPABASE_SERVICE_ROLE_KEY`

`RESEND_API_KEY`

Complete `.env.local` example

How the variables are used in code

Optional variables

`ADMIN_EMAIL`

`RESEND_FROM_EMAIL`

`NEWSLETTER_SECRET`

Variable checklist