Environment Variables Guide

Complete guide on how to obtain all the required environment variables for JB Better Auth UI.

Quick Setup: Copy to .env.local

# Better Auth Configuration
BETTER_AUTH_SECRET=""
BETTER_AUTH_URL="http://localhost:3000"

# Database (PostgreSQL, MySQL, or SQLite)
DATABASE_URL=""

# Email Provider (Resend)
RESEND_FROM_EMAIL=""
RESEND_API_KEY=""

# OAuth Providers (Optional)
GOOGLE_CLIENT_ID=""
GOOGLE_CLIENT_SECRET=""

GITHUB_CLIENT_ID=""
GITHUB_CLIENT_SECRET=""

Better Auth

BETTER_AUTH_SECRETRequired

A secret key used to encrypt sessions and tokens. Must be at least 32 characters.

How to get it:

Generate a secure random string using: openssl rand -base64 32

Example:

BETTER_AUTH_SECRET="your-super-secret-key-at-least-32-chars"

BETTER_AUTH_URLRequired

The base URL of your application where Better Auth is hosted.

How to get it:

Use your deployed URL in production or localhost for development.

Example:

BETTER_AUTH_URL="http://localhost:3000"

Database

DATABASE_URLRequired

Connection string for your database. Supports PostgreSQL, MySQL, or SQLite.

How to get it:

PostgreSQL (Recommended):

Create a database at Neon, Supabase, or Railway
Copy the connection string from your dashboard

MySQL:

Create a database at PlanetScale

SQLite (Development only):

Use a file path like: file:./dev.db

Example:

DATABASE_URL="postgresql://user:password@host:5432/dbname"

Email Provider (Resend)

RESEND_API_KEYRequired

API key for sending emails through Resend.

How to get it:

Go to resend.com and create an account
Navigate to API Keys in the dashboard
Click Create API Key
Give it a name and select the appropriate permissions
Copy the generated key (starts with re_)

Example:

RESEND_API_KEY="re_123abc456def789..."

RESEND_FROM_EMAILRequired

The email address that emails will be sent from.

How to get it:

In Resend dashboard, go to Domains
Add and verify your domain (e.g., yourdomain.com)
Once verified, use any email with that domain
For testing, use onboarding@resend.dev (limited to your own email)

Example:

RESEND_FROM_EMAIL="noreply@yourdomain.com"

Google OAuth (Optional)

GOOGLE_CLIENT_IDOptional

OAuth 2.0 Client ID for Google Sign-In.

How to get it:

Go to Google Cloud Console
Create a new project or select an existing one
Navigate to APIs & Services > Credentials
Click Create Credentials > OAuth client ID
Select Web application as the application type
Add authorized redirect URI: http://localhost:3000/api/auth/callback/google
Copy the Client ID

Example:

GOOGLE_CLIENT_ID="123456789-abcdef.apps.googleusercontent.com"

GOOGLE_CLIENT_SECRETOptional

OAuth 2.0 Client Secret for Google Sign-In.

How to get it:

Generated alongside the Client ID in the previous step. Copy it from the credentials page.

Example:

GOOGLE_CLIENT_SECRET="GOCSPX-abcdef123456"

GitHub OAuth (Optional)

GITHUB_CLIENT_IDOptional

OAuth App Client ID for GitHub Sign-In.

How to get it:

Go to GitHub Developer Settings
Click New OAuth App
Fill in the application details:
- Application name: Your app name
- Homepage URL: http://localhost:3000
- Authorization callback URL: http://localhost:3000/api/auth/callback/github
Click Register application
Copy the Client ID

Example:

GITHUB_CLIENT_ID="Iv1.abc123def456"

GITHUB_CLIENT_SECRETOptional

OAuth App Client Secret for GitHub Sign-In.

How to get it:

After creating the OAuth App, click "Generate a new client secret" and copy it immediately (it won't be shown again).

Example:

GITHUB_CLIENT_SECRET="abc123def456ghi789..."

Production Deployment Notes

1.Update BETTER_AUTH_URL to your production domain (e.g., https://yourdomain.com)
2.Update OAuth callback URLs in Google Cloud Console and GitHub Developer Settings to use your production domain
3.Ensure your Resend domain is verified and properly configured
4.Never commit your .env.local file to version control

Better Auth Docs

Official documentation