Configuration
After setting up the database, configure environment variables to connect A²D to Supabase and external services.
Overview
A²D uses environment variables for all configuration. These are stored in .env.local (gitignored) for local development and in your hosting platform for production.
Time required: ~5 minutes
Required Environment Variables
| Name | Type | Description |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URLrequired | string | Your Supabase project URL - used for all database connections |
NEXT_PUBLIC_SUPABASE_ANON_KEYrequired | string | Public anonymous key - safe for client-side use with RLS protection |
SUPABASE_SERVICE_ROLE_KEYrequired | string | Secret service role key - bypasses RLS, server-side only |
NEXT_PUBLIC_APP_URLrequired | string | Your application URL for redirects and callbacks |
Setup Steps
Step 1: Create Environment File
Copy the example environment file:
cp .env.example .env.local.env.local is already in .gitignore and will not be committed to version control.
Step 2: Get Supabase Credentials
- Go to your Supabase project dashboard
- Navigate to Settings → API
- Copy the following values
Project URL
Located at the top of the API settings page:
https://your-project-ref.supabase.coAPI Keys
Under “Project API keys” section:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6...
# ~300 characters
# Safe to expose in browsereyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6...
# ~300 characters
# NEVER expose in browser!The service_role key has full database access and bypasses all Row Level Security policies. Treat it like a password.
Step 3: Edit .env.local
Open .env.local in your code editor and paste your values:
# .env.local - Supabase Configuration
NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
# Application Configuration
NEXT_PUBLIC_APP_URL=http://localhost:3000Replace the placeholder values with your actual Supabase credentials.
Environment Variable Details
NEXT_PUBLIC_SUPABASE_URL
Purpose: Supabase project endpoint for database connections
Format: https://[project-ref].supabase.co
Exposure: Public (prefixed with NEXT_PUBLIC_ = accessible in browser)
Example: https://abcdefghijklmnop.supabase.co
The NEXT_PUBLIC_ prefix means this variable is bundled into client-side JavaScript and is publicly accessible.
NEXT_PUBLIC_SUPABASE_ANON_KEY
Purpose: Public API key for client-side Supabase queries
Security: Safe to expose in browser - RLS policies still enforce data isolation
Format: Long JWT token starting with eyJ
Length: ~300+ characters
How it works:
- Allows anonymous database access
- Combined with user JWT for authenticated requests
- RLS policies filter data automatically
- Cannot bypass multi-tenant isolation
SUPABASE_SERVICE_ROLE_KEY
Purpose: Admin key for server-side operations that bypass RLS
Security: CRITICAL - Full database access, never expose
Powers:
- Bypasses all Row Level Security policies
- Can read/write any data across all organizations
- Used for user signup and admin operations
Usage in A²D:
- User signup (before JWT exists)
- Public MCP endpoints (server-specific access)
- Admin operations with manual filtering
Format: Long JWT token starting with eyJ
Never use service_role key in:
- Client-side code
- Browser JavaScript
- Public API responses
- Version control (already in .gitignore)
NEXT_PUBLIC_APP_URL
Purpose: Application base URL for redirects, callbacks, and MCP endpoint generation
Local development: http://localhost:3000
Production: Your deployed domain (e.g., https://ma2d.yourdomain.com)
Used for:
- Authentication redirects
- MCP endpoint URL generation
- Email template links
- OAuth callbacks
Verify Configuration
Test that environment variables are loaded correctly:
Start Development Server
npm run devCheck Console Output
You should NOT see errors like:
- ❌ “Missing environment variable NEXT_PUBLIC_SUPABASE_URL”
- ❌ “Supabase client initialization failed”
You should see:
- ✅ ”✓ Ready in Xs”
- ✅ ”○ Compiling /“
Open Application
Navigate to http://localhost:3000
The landing page should load without errors.
Test Signup Flow
- Click “Sign Up” button
- Fill in:
- Email:
test@example.com - Password:
SecurePassword123! - Organization Name:
Test Organization
- Email:
- Click “Create Account”
Expected result: ✅ User account created, redirected to dashboard
If it fails:
- Check environment variables are correct
- Verify no extra spaces or line breaks in keys
- Restart dev server: Stop (Ctrl+C) and run
npm run devagain
Production Configuration
For production deployment (Vercel, Netlify, etc.), configure environment variables in your hosting platform.
Vercel
- Go to vercel.com/dashboard
- Select your project
- Navigate to Settings → Environment Variables
- Add each variable:
Name: NEXT_PUBLIC_SUPABASE_URL
Value: https://your-prod-project.supabase.co
Environments: ✓ Production ✓ Preview ✓ DevelopmentName: NEXT_PUBLIC_SUPABASE_ANON_KEY
Value: eyJhbGciOi... (your production anon key)
Environments: ✓ Production ✓ Preview ✓ DevelopmentName: SUPABASE_SERVICE_ROLE_KEY
Value: eyJhbGciOi... (your production service role key)
Environments: ✓ Production ✓ Preview ✓ DevelopmentName: NEXT_PUBLIC_APP_URL
Value: https://your-app.vercel.app
Environments: ✓ Production- Click “Save” for each variable
- Redeploy if already deployed
Use production Supabase credentials for production deployments, not your development credentials.
Other Hosting Platforms
Configure environment variables according to your platform:
# Site settings → Build & deploy → Environment
# Add each variable in the web UI# Project → Variables tab
# Add each variable# Set via CLI
fly secrets set NEXT_PUBLIC_SUPABASE_URL=https://...
fly secrets set NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...
fly secrets set SUPABASE_SERVICE_ROLE_KEY=eyJ...
fly secrets set NEXT_PUBLIC_APP_URL=https://...# App settings → Environment variables
# Add each variableSecurity Best Practices
DO ✅
- Store .env.local locally (never commit)
- Use different credentials for development and production
- Rotate service_role key if compromised
- Use environment-specific projects (dev, staging, prod Supabase projects)
- Verify .gitignore includes
.env.localand.env - Use password manager to store credentials securely
DON’T ❌
- Don’t commit
.env.localor.envfiles to git - Don’t share service_role key via email/chat/Slack
- Don’t use production credentials in development
- Don’t expose service_role key in client-side code
- Don’t hardcode credentials in source code
- Don’t screenshot keys and share publicly
Multiple Environments
For complex setups, use different environment files:
.env.local # Local development (gitignored)
.env.development # Development server (gitignored)
.env.staging # Staging environment (gitignored)
.env.production # Production (gitignored, set in hosting platform)Best practice: Use separate Supabase projects for each environment:
ma2d-dev- Developmentma2d-staging- Stagingma2d-production- Production
Optional Environment Variables
For Enhanced Development
# .env.local - Development optimizations
NODE_ENV=development
# Disable telemetry
NEXT_TELEMETRY_DISABLED=1
# Custom port
PORT=3001For Production Monitoring
# Production only
# Error tracking (optional)
SENTRY_DSN=https://...
# Analytics (optional)
NEXT_PUBLIC_GA_ID=G-XXXXXXXXXXTroubleshooting
”Invalid API key” error
Cause: Wrong API key format, expired key, or using wrong key type
Solution:
- Copy keys again from Supabase dashboard (Settings → API)
- Ensure no extra spaces or line breaks when pasting
- Verify you’re using:
anonkey forNEXT_PUBLIC_SUPABASE_ANON_KEYservice_rolekey forSUPABASE_SERVICE_ROLE_KEY
- Check keys start with
eyJ(JWT format)
“Failed to create organization” during signup
Cause: Service role key missing, incorrect, or not loaded
Solution:
- Verify
SUPABASE_SERVICE_ROLE_KEYis set in.env.local - Check it’s the service_role key (not anon key)
- Restart dev server after adding:
# Stop server (Ctrl+C) npm run dev - Clear browser cache and try again
Changes to .env.local not taking effect
Cause: Next.js doesn’t hot-reload environment variables
Solution:
- Stop dev server (Ctrl+C)
- Restart:
npm run dev - Hard refresh browser:
- Mac: Cmd+Shift+R
- Windows/Linux: Ctrl+Shift+R
Environment variables are loaded once at server startup. You must restart for changes to take effect.
”Connection refused” or “Network error”
Cause: Incorrect Supabase URL or project is paused
Solution:
- Verify URL format:
https://[ref].supabase.co(no trailing slash) - Check project is not paused:
- Free tier projects auto-pause after 7 days of inactivity
- Go to Supabase dashboard → Unpause project
- Test URL in browser - should show Supabase page
Environment variable not defined in browser
Cause: Missing NEXT_PUBLIC_ prefix
Solution:
- Variables needed in browser must have
NEXT_PUBLIC_prefix - Server-only variables (like
SUPABASE_SERVICE_ROLE_KEY) should not have the prefix - Restart dev server after changing
Example:
# ✅ Available in browser
NEXT_PUBLIC_API_URL=https://api.example.com
# ❌ Only available on server
SUPABASE_SERVICE_ROLE_KEY=secret-keyConfiguration Checklist
Before proceeding, verify:
-
.env.localfile created -
NEXT_PUBLIC_SUPABASE_URLset correctly -
NEXT_PUBLIC_SUPABASE_ANON_KEYset correctly -
SUPABASE_SERVICE_ROLE_KEYset correctly (server-side only) -
NEXT_PUBLIC_APP_URLset correctly - Development server starts without errors
- Can access http://localhost:3000
- Signup flow works
- Can log in and see dashboard
Next Steps
Configuration complete! Now you can:
- Create Your First MCP Server - Quick start guide
- Explore Features - Learn about all capabilities
- Deploy to Production - Deploy to Vercel
Need Help? See Authentication Troubleshooting or check the FAQ.