BMAD-METHOD/bmad/bmm/agents/hand-off/ENV.md

ENVIRONMENT & DEPLOYMENT — Required env vars and notes for local dev and production

Serverless env vars (.env.example)

• NODE_ENV=development
• PORT=3000
• S3_BUCKET=your-bucket
• S3_REGION=your-region
• S3_ACCESS_KEY_ID=XXX
• S3_SECRET_ACCESS_KEY=XXX
• OPENAI_API_KEY=sk-...
• WHISPER_API_KEY=sk-... or reuse OPENAI_API_KEY
• LINKEDIN_CLIENT_ID=...
• LINKEDIN_CLIENT_SECRET=...
• LINKEDIN_REDIRECT_URI=https://your-host/api/linkedin/callback
• JWT_SECRET=some-long-secret
• APP_ENCRYPTION_KEY=base64:...
• TRANSCRIBE_SECRET=webhook-secret-for-transcribe
• KMS_KEY_ID=arn:aws:kms:...
• BILLING_ALERT_EMAIL=finance@example.com
• SENTRY_DSN=...

Local dev notes

• Use dotenv to load .env during local serverless function testing.
• For mobile dev, set EXPO_DEV_SERVER and REACT_NATIVE_PACKAGER_HOSTNAME accordingly.
• Provide fake/test keys in .env.local (never commit).

Production notes

• Use provider secrets manager (Vercel env, Netlify env, or AWS Secrets Manager).
• Rotate keys and set alerting for unusual usage.

Secrets handling

• Never store OPENAI_API_KEY or LINKEDIN_CLIENT_SECRET in the client code.
• Use serverless to perform all 3rd party API calls.