Configuration
Environment variables and runtime flags for a self-hosted Sereal.
Sereal is configured entirely through .env.local. Copy .env.example and fill
it in. This page explains what each variable is for; the example file is the
canonical list.
Boolean flags are strict.
SELF_HOSTED,PUBLIC_SIGNUP_ENABLED,BILLING_ENABLED, andDEMO_TENANT_ENABLEDaccept onlytrue,false,1, or0. Any other value ("True","yes", an empty trailing space) throws at startup by design — seelib/config.ts. Fail fast beats quiet misconfig.
Required — Supabase
| Variable | Purpose |
|---|---|
NEXT_PUBLIC_SUPABASE_URL | Project URL. Browser-safe. |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Anon public key. Browser-safe. |
SUPABASE_SERVICE_ROLE_KEY | Service-role key. Server-only — never exposed to the browser. |
SUPABASE_URL | Same value as NEXT_PUBLIC_SUPABASE_URL; used by seed/bootstrap scripts. |
Required — owner account
| Variable | Purpose |
|---|---|
OWNER_EMAIL / OWNER_PASSWORD | The account the bootstrap script creates and you log in with. |
PLATFORM_OWNER_EMAIL | Gates instance-level metadata (the db_backups view in Account). For single-tenant self-host, set it equal to OWNER_EMAIL. Leave blank to fail closed. |
Required — security
| Variable | Purpose |
|---|---|
CRON_SECRET | Shared secret validating /api/cron/* requests. Generate with openssl rand -hex 32. |
Self-host flags
Defaults preserve cloud behavior; for a personal install you'll typically set:
SELF_HOSTED=true # disables signup, billing, and shared-key paths
PUBLIC_SIGNUP_ENABLED=false # signup is invite-only; not used on self-host
BILLING_ENABLED=false # no billing code path
DEMO_TENANT_ENABLED=false # no demo tenant on a personal installOptional — eBay
| Variable | Purpose |
|---|---|
EBAY_APP_ID / EBAY_CERT_ID | Your own eBay app credentials. Leave blank to run without deal-watching, Scout, and comp lookup. Sereal will not ship shared credentials (ADR-001). |
Optional — email and comps
| Variable | Purpose |
|---|---|
RESEND_API_KEY or SMTP_HOST / SMTP_PORT / SMTP_USER / SMTP_PASS | Outbound email for the daily deal digest. Skip entirely and the app still runs; you just get no email summaries. |
DEAL_ALERT_EMAIL | Where the deal digest is sent. |
SOLDCOMPS_API_KEY | External sold-comp data source; not required for core flows. |
NEXT_PUBLIC_PLAUSIBLE_SRC | Analytics override for public funnel pages. Public client-side config, not a secret; loads only in production. |
Verifying configuration
The health check reflects config state directly:
curl -sf http://localhost:3000/api/health | jq .checks.env"ok" means every required variable is present and parseable. "fail" means
something is missing or empty — and if you edited .env.local on Windows, a BOM
or CRLF line ending can break parsing (dos2unix .env.local).