Skip to main content

Environment Variables

GLHF uses environment variables for secrets, service connections, and feature flags that are rarely changed during a study. Study content like the study name, consent text, and page content is managed through the Strapi admin panel. Both the backend and frontend have .env.example files as starting points.

Backend

Core Strapi

VariableDescriptionExample
HOSTStrapi server hostlocalhost
PORTStrapi server port1337
PUBLIC_URLPublic-facing backend URLhttp://localhost:1337
BACKEND_URLBackend URL (internal)http://localhost:1337
APP_KEYSComma-separated app keys(generate with openssl)
API_TOKEN_SALTSalt for API tokens(generate with openssl)
ADMIN_JWT_SECRETAdmin panel JWT secret(generate with openssl)
JWT_SECRETUser JWT secret(generate with openssl)
TRANSFER_TOKEN_SALTTransfer token salt(generate with openssl)

Authentication

VariableDescriptionExample
NEXTAUTH_SECRETShared secret with frontend (must match)(generate with openssl)
NEXTAUTH_URLFrontend URL for NextAuth callbackshttp://localhost:3000
USER_EMAIL_HMAC_KEYHMAC key for hashing participant emails(generate with openssl)

Email

VariableDescriptionExample
EMAIL_FROMSender email addressstudy@example.com
EMAIL_REPLY_TOReply-to email addresssupport@example.com
EMAIL_SERVER_USERSMTP username
EMAIL_SERVER_PASSWORDSMTP password
EMAIL_SERVER_HOSTSMTP hostsmtp.example.com
EMAIL_SERVER_PORTSMTP port587
EMAIL_DOMAINDomain for hashed email addressesexample.com
SUPPORT_EMAILSupport email shown in participant emails

Steam

VariableDescriptionExample
STEAM_API_KEYSteam Web API key
ENCRYPTION_KEYAES-256-CBC key for encrypting sensitive data(generate with openssl)

S3 Storage

VariableDescriptionExample
S3_ACCESS_KEY_IDS3 access key
S3_ACCESS_SECRETS3 secret key
S3_REGIONS3 regionus-east-1
S3_BUCKETS3 bucket name (false to disable)false
S3_ENDPOINTCustom S3 endpoint (for MinIO, etc.)

Study Timeline

VariableDescriptionDefault
STUDY_SURVEY_EXPIRATION_DAYSDays before survey link expires7
STUDY_SURVEY_REMINDER_DAYSDays after survey send to send reminder3
STUDY_DAYS_BEFORE_SURVEYDays of data collection before survey7
STUDY_END_DAYS_AFTER_SURVEYDays after survey before study ends14

Study Requirements

VariableDescriptionDefault
STEAM_REQUIREDRequire Steam account linkingtrue
STEAM_REQUIRE_OWNED_GAMESRequire participant to have owned gamesfalse
STEAM_REQUIRE_PLAYTIME_PUBLICRequire public playtime visibilitytrue
STEAM_REQUIRE_RECENT_PLAYTIMERequire recent playtime datafalse
DISCORD_REQUIREDRequire Discord account linking

Cron Schedules

VariableDescriptionDefault
STEAM_FETCH_CRON_SCHEDULERecently played games fetch interval*/10 * * * *
STEAM_OWNED_GAMES_SYNC_CRON_SCHEDULEOwned games sync interval*/10 * * * *
STEAM_PROFILE_SYNC_CRON_SCHEDULEProfile sync interval*/15 * * * *
REMOVE_TOKENS_CRON_SCHEDULEExpired token cleanup interval0 */5 * * * *
SURVEY_EMAIL_IMPORT_CRON_SCHEDULEQualtrics email import interval0 */2 * * * *
SURVEY_EMAIL_IMPORT_CRON_SCHEDULE_ENABLEDEnable Qualtrics email importfalse
SURVEY_ACTIVATE_CRON_SCHEDULESurvey activation check interval*/15 * * * *
SURVEY_ACTIVATE_CRON_SCHEDULE_ENABLEDEnable survey activationfalse
PROLIFIC_DIGEST_CRON_SCHEDULEProlific digest interval0 7 * * *
PROLIFIC_DIGEST_CRON_SCHEDULE_ENABLEDEnable Prolific digestfalse
PURGE_USERS_CRON_SCHEDULEUser purge interval
PURGE_USERS_CRON_SCHEDULE_ENABLEDEnable user purge(off by default)

Qualtrics

VariableDescription
QUALTRICS_CLIENT_IDOAuth2 client ID
QUALTRICS_CLIENT_SECRETOAuth2 client secret
QUALTRICS_DATACENTER_IDQualtrics datacenter (e.g., oii.eu)
QUALTRICS_SURVEY_IDTarget survey ID
QUALTRICS_DIRECTORY_IDDefault directory ID
QUALTRICS_MAILINGLIST_IDMailing list ID for contacts
QUALTRICS_LIBRARY_IDMessage library ID
QUALTRICS_MESSAGE_INVITE_IDSurvey invite message ID
QUALTRICS_MESSAGE_REMINDER_IDSurvey reminder message ID

Discord Bot

VariableDescription
DISCORD_BOT_TOKENDiscord bot token
DISCORD_GUILDDiscord guild (server) ID

Slack

VariableDescription
SLACK_WEBHOOK_URLSlack incoming webhook URL

Frontend

Core

VariableDescriptionExample
NEXT_INTERNAL_STRAPI_API_URLInternal Strapi API URLhttp://localhost:1337
NEXT_PUBLIC_API_URLPublic-facing API URLhttp://localhost:3000
NEXT_PUBLIC_UPLOADS_URLStrapi uploads URLhttp://localhost:1337
NEXT_INTERNAL_IMAGE_DOMAINImage optimization domainlocalhost
NEXT_INTERNAL_IMAGE_DOMAIN_PROTOCOLImage domain protocolhttp
IMAGE_DOMAINExternal image domain (production)
PREVIEW_SECRETCMS preview mode secret

Authentication

VariableDescriptionExample
NEXTAUTH_SECRETShared secret with backend (must match)
NEXTAUTH_URLNextAuth callback URLhttp://localhost:3000
STRAPI_PASSWORDLESS_TOKENStrapi API token for auth flow(from Strapi admin)
NEXT_INTERNAL_AUTH_VERIFICATION_SECRETShared secret for the create-verification-token endpoint. Leave empty or unset to disable the endpoint. Generate with openssl rand -hex 32 and share with the Qualtrics Web Service configuration.

Sign-in Providers

VariableDescriptionDefault
EMAIL_SIGNIN_ENABLEDEnable email magic link sign-intrue
DISCORD_SIGNIN_ENABLEDEnable Discord OAuth sign-infalse
DISCORD_CLIENT_IDDiscord OAuth client ID
DISCORD_CLIENT_SECRETDiscord OAuth client secret
DISCORD_BOT_TOKENDiscord bot token (for account linking)
GOOGLE_SIGNIN_ENABLEDEnable Google OAuth sign-infalse
GOOGLE_CLIENT_IDGoogle OAuth client ID
GOOGLE_CLIENT_SECRETGoogle OAuth client secret

Steam

VariableDescription
STEAM_API_KEYSteam Web API key (same as backend)