Env Wizard

Variable reference for Railway dev / main (primary) and optional local dev. Set STACK_URL on the deploy-console service first. Download template is for local .env.local only.

Show required only

Generate secrets with: python3 -c "import secrets; print(secrets.token_hex(32))"

Variable	Required	Description	Account / link
`SECRET_KEY` e.g. `<hex-32>`	Yes	Main JWT signing key — generate fresh	—
`BACKEND_SECRET_KEY` e.g. `<hex-32>`	Yes	Secondary signing key	—
`ALGORITHM` e.g. `HS256`	Yes local default ok	JWT algorithm	—
`ACCESS_TOKEN_EXPIRE_MINUTES` e.g. `30`	Yes local default ok	Token TTL	—

Set on deploy-console service in dev/main — no secrets. Primary probe target for dashboard.

Variable	Required	Description	Account / link
`STACK_URL` e.g. `https://main-api-dev-6c56.up.railway.app`	Yes	Public main-api base URL for /api/stack-health and dashboard	deploy-console dev
`RAILWAY_ENV` e.g. `dev`	No	Label for active stack (dev \| main)	—
`MAIN_API_URL_DEV` e.g. `https://main-api-dev-6c56.up.railway.app`	No	Preset URL shown for dev stack card	—
`MAIN_API_URL_MAIN`	No	Preset URL for main stack when provisioned	—
`RAILWAY_PROJECT_ID` e.g. `0846c0a0-1ad9-4d8a-9618-91be49e18208`	No	co2t-tsi project — quick links	Railway → co2t-tsi

Tier A shared vars: co2t-tracking-system/env/tsi.*.shared.env.example → railway-push-shared-env.sh. DB/RabbitMQ via ${{service}} references.

Variable	Required	Description	Account / link
`DATABASE_URL` e.g. `${{Postgres.DATABASE_URL}}`	Yes	From Postgres service — never localhost on Railway	—
`RABBITMQ_URL` e.g. `${{rabbitmq.RABBITMQ_URL}}`	No	Internal rabbitmq.railway.internal — not guest/guest	—
`CO2TRUST_DISABLE_QUEUE` e.g. `false`	No	true only for smoke when broker unavailable	—

Security reminder

Never commit .env.local or any file containing real secret values.
All TSI repos already have .env.local and .env*.local in .gitignore.
For Railway: set vars in the Railway dashboard or with railway variables --set KEY=VALUE.
Generate fresh JWT secrets for each environment with python3 -c "import secrets; print(secrets.token_hex(32))".
Use Stripe test keys (sk_test_…) for dev; never use live keys locally.

Env Wizard

App

Database (Postgres)

RabbitMQ

JWT / Auth

Stripe

Supabase

Dynamic (Wallet auth)

ZeroDev (Account abstraction)

Deploy console (Railway)

Railway (main-api)

Blockchain (Base / Sepolia)

Cloudflare

Mailtrap (Email dev)

Goldsky / Subgraph

Security reminder