Environment Variables
Renderer-public VITE vars, main-process MAIN_VITE vars, and Edge secrets.
Electron has more than one environment boundary. Values used by the renderer are bundled into client code, values used by the main process are compiled into the Electron main bundle, and server secrets belong outside the app entirely.
Model
.envlives at the project root and is read by Vite/electron-vite.VITE_*values are renderer-public. They ship in the app bundle.MAIN_VITE_*values are main-process build-time config.- Creem API keys and webhook secrets are Supabase Edge secrets, not app env.
- Packaging and signing variables are release-time environment variables for electron-builder or CI.
Supabase URL and publishable key are safe to ship because authorization is
enforced by Row Level Security. A Supabase service-role key is not safe to
ship and must never be placed in .env.
Starter .env
VITE_AUTH_ENABLED=true
VITE_AUTO_UPDATE_ENABLED=true
VITE_SUPABASE_URL=https://your-project-ref.supabase.co
VITE_SUPABASE_PUBLISHABLE_KEY=your-publishable-anon-key
MAIN_VITE_SENTRY_DSN=
VITE_ANALYTICS_ENDPOINT=
VITE_ANALYTICS_WRITE_KEY=
VITE_REPO_URL=
VITE_BILLING_ENABLED=false
VITE_BILLING_LICENSE_MODE=false
VITE_CREEM_PRODUCT_PRO_MONTHLY=prod_xxx
VITE_CREEM_PRODUCT_PRO_YEARLY=prod_xxx
VITE_CREEM_PRODUCT_LIFETIME=prod_xxxVITE_SHOWCASE_ENABLED and MAIN_VITE_SHOWCASE_ENABLED are read by code but
are not currently listed in .env.example. Add both when you want to preview
or build without the removable demo layer.
VITE_SHOWCASE_ENABLED=false
MAIN_VITE_SHOWCASE_ENABLED=falseApp env reference
Feature flags
Prop
Type
Supabase
Prop
Type
These values unlock email auth, profile reads/writes, avatar upload, todos, and subscription reads. The setup page documents the SQL and storage bucket the app expects.
Creem product IDs
Prop
Type
Product IDs are not secrets. shared/price-config.ts maps them to plan tiers;
unknown or missing product IDs resolve to free so an unconfigured build does
not unlock paid features.
Observability, analytics, and support
Prop
Type
Non-app env
Supabase Edge secrets
Set these with supabase secrets set or an Edge secret env file. They are read
by functions under supabase/functions/ and must never be bundled into the
desktop app.
Prop
Type
Packaging, updates, and signing
Prop
Type
Test-only
Prop
Type
Safe-to-ship checklist
| Value | Safe in app bundle? | Why |
|---|---|---|
| Supabase URL | Yes | Identifies the project endpoint. |
| Supabase publishable key | Yes | Intended for clients; RLS decides which rows the user can access. |
| Creem product IDs | Yes | Product identifiers only; they do not create checkout sessions by themselves. |
| Sentry DSN | Yes, with opt-in policy | A DSN is an ingest address, not a signing secret. User opt-in controls reporting. |
| Analytics write key | Treat as public | It ships to the renderer if set. Use it only for low-risk client ingestion. |
| Supabase service-role key | No | Bypasses RLS and can write protected data. Keep it server-side only. |
| Creem API key/webhook secret | No | Server credentials for provider operations and signature verification. |
| Code-signing certificates/passwords | No | Release secrets for CI or your local signing environment. |
