Configuration

Environment variables

Learn how to configure environment variables.

Environment variables are defined in the .env file in the root of the repository and in the root of the apps/mobile package.

  • Shared environment variables: Defined in the root .env file. These are shared between environments (e.g., development, staging, production) and apps (e.g., web, mobile).
  • Environment-specific variables: Defined in .env.development and .env.production files. These are specific to the development and production environments.
  • App-specific variables: Defined in the app-specific directory (e.g., apps/web). These are specific to the app and are not shared between apps.
  • Build environment variables: Not stored in the .env file. Instead, they are stored in eas.json file used to build app on Expo Application Services.
  • Secret keys: They're not stored on mobile side, instead they're defined on the web side.

Shared variables

Here you can add all the environment variables that are shared across all the apps.

To override these variables in a specific environment, please add them to the specific environment file (e.g. .env.development, .env.production).

.env.local
# Shared environment variables
 
# Supabase config to be used in apps to create Supabase clients.
SUPABASE_ANON_KEY=""
SUPABASE_URL="http://127.0.0.1:54321"
 
# The name of the product. This is used in various places across the apps.
PRODUCT_NAME="TurboStarter"
 
# The title of the site. This is used in the <title> tag of the site.
SITE_TITLE="Ship your startup everywhere. In minutes."
 
...

App-specific variables

Here you can add all the environment variables that are specific to the app (e.g. apps/mobile).

You can also override the shared variables defined in the root .env file.

apps/mobile/.env.local
# App-specific environment variables
 
# Env variables extracted from shared to be exposed to the client in Plasmo app
EXPO_PUBLIC_PRODUCT_NAME="${PRODUCT_NAME}"
EXPO_PUBLIC_SITE_URL="${SITE_URL}"
EXPO_PUBLIC_SUPABASE_ANON_KEY="${SUPABASE_ANON_KEY}"
EXPO_PUBLIC_SUPABASE_URL="${SUPABASE_URL}"
 
# Use this variable to enable or disable password-based authentication. If you set this to true, users will be able to sign up and sign in using their email and password. If you set this to false, the form won't be shown.
EXPO_PUBLIC_AUTH_PASSWORD="true"
 
...

EXPO_PUBLIC_ prefix

To make environment variables available in the Plasmo app code, you need to prefix them with EXPO_PUBLIC_. They will be injected to the code during the build process.

Only environment variables prefixed with EXPO_PUBLIC_ will be injected.

Read more about Expo environment variables.

Build environment variables

To allow your app to build properly on EAS you need to define your environment variables in eas.json file under corresponding profile (e.g. preview or production).

Here is an example of correctly filled eas.json for one of the profiles:

apps/mobile/eas.json
{
  "build": {
    "base": {
      "env": {
        "EXPO_PUBLIC_AUTH_PASSWORD": "true",
        "EXPO_PUBLIC_AUTH_MAGIC_LINK": "false",
        "EXPO_PUBLIC_THEME_MODE": "system",
        "EXPO_PUBLIC_THEME_COLOR": "orange"
      }
    },
    "production": {
      "extends": "base",
      "autoIncrement": true,
      "env": {
        "APP_ENV": "production",
        "EXPO_PUBLIC_SITE_URL": "https://turbostarter.dev",
        "EXPO_PUBLIC_SUPABASE_URL": "https://turbostarter.supabase.co",
        "EXPO_PUBLIC_SUPABASE_ANON_KEY": "<supabase_key>"
      }
    }
  }
}

Then, when you trigger production build correct environment variables will be injected to your mobile app code ensuring that everything is working correctly.

Secret keys

Secret keys and sensitive information are to be never stored on the mobile app code.

What does this mean?

It means that you will need to add the secret keys to the web app, where the API is deployed.

The mobile app should only communicate with the backend API, which is typically part of the web app. The web app is responsible for handling sensitive operations and storing secret keys securely.

See web documentation for more details.

This is not a TurboStarter-specific requirement, but a best practice for security for any application. Ultimately, it's your choice.

Last updated on

On this page

Ship your startup everywhere. In minutes.