Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.refactkit.com/llms.txt

Use this file to discover all available pages before exploring further.

RefactKit reads its runtime configuration exclusively from environment variables. Before you start the development server or deploy to production, create a .env file in the project root by copying .env.example. Never commit this file to version control — it contains secrets that must stay off public repositories.

Creating your .env file

cp .env.example .env
Open the copy and fill in each value using the reference below.

Variable reference

Authentication

These variables configure Better Auth, which handles sessions, organizations, and RBAC across your entire application.
BETTER_AUTH_SECRET
string
required
A cryptographically random 32-character string used to sign and verify session tokens. Generate a secure value with:
openssl rand -base64 32
Keep this value secret and consistent across all instances of the same environment. Rotating it invalidates all active sessions.
BETTER_AUTH_URL
string
required
The base URL of your application, used by Better Auth to construct callback URLs for OAuth flows and email links.
  • Development: http://localhost:3000
  • Production: https://yourdomain.com
This value must exactly match the domain configured in your OAuth provider settings.
BETTER_AUTH_API_KEY
string
An optional API key for authenticating server-to-server requests against the Better Auth HTTP API. Starts with ba. Generate one from the Better Auth dashboard or via the CLI.

Database

DATABASE_URL
string
required
A PostgreSQL connection string used by Drizzle ORM to connect to your database. RefactKit ships configured for Supabase with connection pooling enabled.Find this value in your Supabase project under Settings → Database → Connection string → URI. Select the Transaction pooler (port 6543) for serverless deployments.
postgresql://postgres.your-project-id:your_db_password@aws-0-region.pooler.supabase.com:6543/postgres

Storage

RefactKit uses Supabase Storage for avatars, organization logos, and other uploaded media. All uploads are performed server-side — the service role key never reaches the browser.
VITE_SUPABASE_URL
string
required
Your Supabase project URL, used by both the client and server to reference storage buckets and construct public asset URLs.Find it in your Supabase project under Settings → API → Project URL.
https://your-project-id.supabase.co
This variable is prefixed with VITE_ and is safe to expose to the browser.
SUPABASE_SERVICE_ROLE_KEY
string
required
Your Supabase service role key. This key bypasses Row Level Security and is used exclusively in server functions to perform storage uploads on behalf of users.Find it under Settings → API → Project API keys → service_role.
Never expose this key to the browser or include it in any client-side bundle. RefactKit’s upload architecture (src/server/storage-fns.ts) keeps this key strictly on the server.

Email

RefactKit sends transactional emails (invitations, password resets, verification) using the Resend API.
RESEND_API_KEY
string
required
Your Resend API key. Generate one in the Resend dashboard under API Keys with Sending access. The key starts with re_.
EMAIL_FROM
string
required
The “From” address used for all outgoing emails. Use the format Display Name <address@yourdomain.com>.
My App <noreply@yourdomain.com>
The domain must be verified in your Resend account under Domains.

App

VITE_APP_URL
string
required
The canonical public URL of your application. Used for constructing absolute URLs in the frontend.
  • Development: http://localhost:3000
  • Production: https://yourdomain.com

Full .env.example reference

The following is the complete .env.example shipped with RefactKit. Copy it and replace every placeholder value before running the application. 
BETTER_AUTH_SECRET="your_random_32_character_secret_string"
BETTER_AUTH_URL="http://localhost:3000"

VITE_SUPABASE_URL="https://your-project-id.supabase.co"
SUPABASE_SERVICE_ROLE_KEY="eyJhbGci...your_long_service_role_key..._here"

VITE_APP_URL="http://localhost:3000"
DATABASE_URL="postgresql://postgres.your-project-id:your_db_password@aws-0-region.pooler.supabase.com:6543/postgres"

RESEND_API_KEY="re_your_resend_api_key_here"
EMAIL_FROM="Your App Name <noreply@yourdomain.com>"
BETTER_AUTH_API_KEY=ba...
Variables prefixed with VITE_ are statically inlined into the client bundle at build time. Only use this prefix for values that are safe to expose publicly. All other variables remain server-side only.