Configuration
Auktiva is configured through environment variables in a .env file. This page documents all available options.
Environment File
Create a .env file in the project root by copying the example:
cp .env.example .envRequired Variables
Database
# SQLite (local file)
DATABASE_URL="file:./data/auktiva.db"
# OR Turso (cloud database)
DATABASE_URL="libsql://your-database.turso.io"
DATABASE_AUTH_TOKEN="your-turso-auth-token"See Database Configuration for detailed setup instructions.
Authentication
# Secret key for encrypting sessions (generate with: openssl rand -base64 32)
AUTH_SECRET="your-secret-key-here"
# Base URL of your application
AUTH_URL="http://localhost:3000"Always generate a unique AUTH_SECRET for production. Never use the example value.
Storage Configuration
Local Storage (Default)
STORAGE_PROVIDER="local"
STORAGE_LOCAL_PATH="./uploads"S3-Compatible Storage
STORAGE_PROVIDER="s3"
S3_BUCKET="your-bucket-name"
S3_REGION="us-east-1"
S3_ACCESS_KEY_ID="your-access-key"
S3_SECRET_ACCESS_KEY="your-secret-key"
# Optional: Custom endpoint for S3-compatible services (MinIO, Cloudflare R2, etc.)
S3_ENDPOINT="https://your-endpoint.com"
# Optional: Custom public URL for serving files
S3_PUBLIC_URL="https://cdn.yourdomain.com"See Storage Configuration for detailed setup instructions.
Email Configuration (Optional)
Auktiva can send email notifications using Brevo (formerly Sendinblue). Brevo offers a free tier with 300 emails/day.
# Brevo API key (get from https://app.brevo.com/settings/keys/api)
BREVO_API_KEY="your-brevo-api-key"
# Sender email and name
MAIL_FROM="noreply@yourdomain.com"
MAIL_FROM_NAME="Auktiva"
# App URL for links in emails
NEXT_PUBLIC_APP_URL="https://yourdomain.com"
# Secret for securing the email retry cron endpoint
CRON_SECRET="generate-with-openssl-rand-base64-32"Email Types
When configured, Auktiva sends:
- Welcome emails - On user registration
- Auction invites - When users are invited to auctions
- New item notifications - When items are added (user can disable)
- Outbid notifications - When someone outbids a user (user can disable)
Email Retry System
Failed emails are logged to the database and automatically retried via a cron job at /api/cron/retry-emails. On Vercel, this runs every 15 minutes. The system retries up to 5 times before abandoning.
Email is optional. If BREVO_API_KEY is not set, no emails will be sent and the app will function normally.
Feature Flags
# Allow users to create open (public) auctions
ALLOW_OPEN_AUCTIONS="true"All Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL | Yes | - | Database connection string |
DATABASE_AUTH_TOKEN | Turso only | - | Turso authentication token |
AUTH_SECRET | Yes | - | Session encryption secret |
AUTH_URL | Yes | - | Application base URL |
STORAGE_PROVIDER | No | local | Storage provider (local or s3) |
STORAGE_LOCAL_PATH | Local only | ./uploads | Path for local file storage |
S3_BUCKET | S3 only | - | S3 bucket name |
S3_REGION | S3 only | - | S3 region |
S3_ACCESS_KEY_ID | S3 only | - | S3 access key |
S3_SECRET_ACCESS_KEY | S3 only | - | S3 secret key |
S3_ENDPOINT | No | - | Custom S3 endpoint |
S3_PUBLIC_URL | No | - | Custom public URL for files |
BREVO_API_KEY | No | - | Brevo API key for emails |
MAIL_FROM | No | noreply@auktiva.org | Sender email address |
MAIL_FROM_NAME | No | Auktiva.org | Sender display name |
NEXT_PUBLIC_APP_URL | No | - | App URL for email links |
CRON_SECRET | No | - | Secret for cron endpoint auth |
ALLOW_OPEN_AUCTIONS | No | false | Enable open auction creation |
Example Configurations
Development (SQLite + Local Storage)
DATABASE_URL="file:./data/dev.db"
AUTH_SECRET="dev-secret-change-in-production"
AUTH_URL="http://localhost:3000"
STORAGE_PROVIDER="local"
STORAGE_LOCAL_PATH="./uploads"
ALLOW_OPEN_AUCTIONS="true"Production (Turso + S3)
DATABASE_URL="libsql://myapp-myorg.turso.io"
DATABASE_AUTH_TOKEN="eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
AUTH_SECRET="generated-with-openssl-rand-base64-32"
AUTH_URL="https://auctions.mydomain.com"
STORAGE_PROVIDER="s3"
S3_BUCKET="myapp-uploads"
S3_REGION="us-east-1"
S3_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
S3_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
ALLOW_OPEN_AUCTIONS="false"Generating Secrets
Generate a secure AUTH_SECRET:
openssl rand -base64 32Or using Node.js:
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"