Skip to main content

Overview

The Hub platform uses environment variables for configuration management. This guide covers all required and optional environment variables for running the application.
All environment variables should be defined in your .env file or in your deployment environment.

Database Configuration

DB_HOST
string
required
PostgreSQL database host addressDefault: localhostExample: postgres (for Docker), db.example.com (for production)
DB_PORT
string
required
PostgreSQL database portDefault: 5432
DB_NAME
string
required
Database name for the Hub applicationExample: hub_db, padelhub_prod
DB_USER
string
required
Database username with read/write permissionsExample: hub_user
DB_PASSWORD
string
required
Database user password
Store securely and never commit to version control
DB_SSL_MODE
string
PostgreSQL SSL mode configurationDefault: disableOptions: disable, require, verify-ca, verify-full
Use require or higher for production environments

Authentication (Auth0)

AUTH0_ISSUER
string
required
Auth0 issuer URI for JWT token validationFormat: https://YOUR_DOMAIN.auth0.com/Example: https://padelhub.eu.auth0.com/
AUTH0_AUDIENCE
string
required
Auth0 API audience identifierExample: https://api.padelhub.comThis value must match the audience configured in your Auth0 API settings.

Media Storage (Cloudinary)

CLOUDINARY_CLOUD_NAME
string
required
Your Cloudinary cloud nameExample: padelhub-media
CLOUDINARY_API_KEY
string
required
Cloudinary API key for authentication
CLOUDINARY_API_SECRET
string
required
Cloudinary API secret
Keep this secret secure and never expose in client-side code

Email Service (Brevo)

BREVO_API_KEY
string
required
Brevo (formerly Sendinblue) API key for transactional emailsDefault: dummy-key-for-local (development only)
For local development, the default dummy key will log emails without sending them

Application Configuration

APP_FRONTEND_URL
string
Frontend application URL for CORS and email linksDefault: http://localhost:3000Production Example: https://app.padelhub.com
APP_MAIL_FROM
string
Sender email address for transactional emailsDefault: noreply@padelhub.comExample: support@padelhub.com
BACKEND_PORT
string
Port mapping for the backend service (Docker)Default: 8080
SWAGGER_ENABLED
boolean
Enable/disable Swagger UI and OpenAPI documentationDefault: true
Set to false in production environments

PostgreSQL Container Configuration

POSTGRES_DB
string
Initial database name (Docker only)This creates the database when the PostgreSQL container first starts.
POSTGRES_USER
string
PostgreSQL superuser name (Docker only)
POSTGRES_PASSWORD
string
PostgreSQL superuser password (Docker only)

Example Configuration

# Database
DB_HOST=postgres
DB_PORT=5432
DB_NAME=hub_db
DB_USER=hub_user
DB_PASSWORD=your_secure_password
DB_SSL_MODE=disable

# PostgreSQL Container
POSTGRES_DB=hub_db
POSTGRES_USER=hub_user
POSTGRES_PASSWORD=your_secure_password

# Auth0
AUTH0_ISSUER=https://your-tenant.auth0.com/
AUTH0_AUDIENCE=https://api.yourdomain.com

# Cloudinary
CLOUDINARY_CLOUD_NAME=your-cloud-name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret

# Brevo Email
BREVO_API_KEY=your_brevo_api_key

# Application
APP_FRONTEND_URL=http://localhost:3000
APP_MAIL_FROM=noreply@padelhub.com
BACKEND_PORT=8080

# Development
SWAGGER_ENABLED=true

Security Best Practices

1

Never commit secrets

Add .env to your .gitignore file. Use .env.example with placeholder values for documentation.
2

Use environment-specific files

Maintain separate configuration for development, staging, and production environments.
3

Enable SSL for databases

Set DB_SSL_MODE=require or higher for production databases.
4

Rotate credentials regularly

Implement a schedule for rotating database passwords and API keys.
5

Use secrets management

For production, use AWS Secrets Manager, HashiCorp Vault, or your cloud provider’s secrets service.
6

Disable debugging features

Set SWAGGER_ENABLED=false in production to prevent API documentation exposure.

Validation

The application validates required environment variables at startup. Missing or invalid variables will prevent the application from starting with clear error messages.
Use the health check endpoint /actuator/health to verify the application is running correctly with your configuration.

Next Steps

Authentication

Configure Auth0 authentication

Database Setup

Set up PostgreSQL with PostGIS

Integrations

Configure third-party services

Deployment

Deploy with Docker