Skip to main content
Hiro CRM uses environment variables to configure integrations, API keys, and service connections. This guide documents all available environment variables.

Quick Setup

1

Copy the example file

cd frontend
cp .env.example .env.local
2

Configure required variables

At minimum, you need to configure Supabase credentials:
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
NEXT_PUBLIC_APP_URL=https://your-domain.com
3

Add optional integrations

Configure additional services based on your needs (see sections below).

Required Variables

These variables are essential for Hiro CRM to function.

Supabase Configuration

NEXT_PUBLIC_SUPABASE_URL
string
required
Your Supabase project URL.Example: https://xyzcompany.supabase.coWhere to find: Supabase Dashboard → Project Settings → API → Project URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
string
required
Supabase anonymous (public) key for client-side authentication.Where to find: Supabase Dashboard → Project Settings → API → Project API keys → anon public
This key is safe to expose in your frontend code. It’s protected by Row Level Security (RLS) policies.
SUPABASE_SERVICE_ROLE_KEY
string
required
Supabase service role key for server-side operations.Where to find: Supabase Dashboard → Project Settings → API → Project API keys → service_role secret
Keep this secret! Never expose this key in client-side code. It bypasses Row Level Security.

Application URL

NEXT_PUBLIC_APP_URL
string
required
The public URL where your Hiro CRM instance is deployed.Development: http://localhost:3000Production: https://your-domain.comUsed for generating absolute URLs in emails, redirects, and OAuth callbacks.

Optional Integrations

These variables enable additional features and integrations.

OpenAI (AI Assistant)

Enable the AI-powered Concierge assistant for natural language queries.
OPENAI_API_KEY
string
Your OpenAI API key for GPT-4 access.Example: sk-proj-...Where to get: OpenAI PlatformFeatures enabled:
  • Natural language customer queries
  • Smart data insights
  • Automated report generation
Without this key, the AI Assistant features will be disabled but all other CRM functionality works normally.

Brevo (Email & SMS Campaigns)

Configure Brevo (formerly Sendinblue) for marketing campaigns.
BREVO_API_KEY
string
Your Brevo API key.Where to get: Brevo Dashboard → SMTP & API → API KeysFeatures enabled:
  • Email campaigns
  • SMS campaigns
  • Transactional emails
  • Campaign analytics
BREVO_SENDER_EMAIL
string
Default sender email address for campaigns.Example: [email protected]Must be a verified sender in your Brevo account.
BREVO_SENDER_NAME
string
Default sender name displayed in emails.Example: Hiro CRM or Your Restaurant Name
BREVO_SMS_SENDER
string
Sender name for SMS campaigns (max 11 characters).Example: HiroCRM
SMS sender names are subject to carrier restrictions. Keep it short and alphanumeric.

POS Integrations

Integrate with restaurant POS systems for automatic data sync.

CoverManager

COVERMANAGER_API_KEY
string
API key for CoverManager POS integration.Where to get: Contact CoverManager supportFeatures enabled:
  • Automatic reservation sync
  • Customer data import
  • Revenue tracking
  • Table management sync

Revo POS

REVO_ACCESS_TOKEN
string
Access token for Revo POS integration.Where to get: Revo XEF → Settings → Integrations → API AccessFeatures enabled:
  • Sales data sync
  • Product catalog sync
  • Customer purchase history

Background Jobs (Inngest)

Configure Inngest for background workflows and automations.
INNGEST_EVENT_KEY
string
Inngest event key for sending events.Where to get: Inngest Dashboard → Your App → KeysUsed for:
  • Automated marketing workflows
  • Scheduled tasks
  • Async data processing
INNGEST_SIGNING_KEY
string
Inngest signing key for webhook verification.Where to get: Inngest Dashboard → Your App → Keys → Signing Key
Required in production to verify webhook authenticity.

Google Drive Integration

Enable document library features with Google Drive.
GOOGLE_DRIVE_CLIENT_ID
string
Google OAuth 2.0 client ID.Where to get: Google Cloud Console → APIs & Services → Credentials
GOOGLE_DRIVE_CLIENT_SECRET
string
Google OAuth 2.0 client secret.Where to get: Google Cloud Console → Your OAuth 2.0 Client → Client Secret
GOOGLE_DRIVE_REFRESH_TOKEN
string
Google Drive refresh token for server-side access.How to generate: Use the OAuth 2.0 Playground or run the setup script:
npm run setup:google-drive

Error Tracking (Sentry)

Monitor errors and performance with Sentry.
SENTRY_DSN
string
Sentry Data Source Name for server-side error tracking.Example: https://[email protected]/456Where to get: Sentry Dashboard → Project Settings → Client Keys (DSN)
NEXT_PUBLIC_SENTRY_DSN
string
Sentry DSN for client-side error tracking.Typically the same as SENTRY_DSN.
SENTRY_ORG
string
Your Sentry organization slug (for source map uploads).Example: my-company
SENTRY_PROJECT
string
Your Sentry project slug (for source map uploads).Example: hiro-crm
SENTRY_AUTH_TOKEN
string
Sentry auth token for uploading source maps during build.Where to get: Sentry → Settings → Auth Tokens → Create New Token
Only needed in CI/CD environments for production builds.

Environment-Specific Configuration

Development (.env.local)

Minimal configuration for local development: 
# Supabase
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key

# App URL
NEXT_PUBLIC_APP_URL=http://localhost:3000

# Optional: AI features
OPENAI_API_KEY=sk-proj-...

Production (Vercel)

All required variables plus optional integrations: 
# Core
NEXT_PUBLIC_SUPABASE_URL=https://prod.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...
SUPABASE_SERVICE_ROLE_KEY=eyJ...
NEXT_PUBLIC_APP_URL=https://crm.your-restaurant.com

# Monitoring
SENTRY_DSN=https://[email protected]/...
NEXT_PUBLIC_SENTRY_DSN=https://[email protected]/...

# AI & Marketing
OPENAI_API_KEY=sk-proj-...
BREVO_API_KEY=xkeysib-...
[email protected]
BREVO_SENDER_NAME=Your Restaurant

# POS Integration (if applicable)
COVERMANAGER_API_KEY=cm_...
# or
REVO_ACCESS_TOKEN=revo_...

# Background Jobs
INNGEST_EVENT_KEY=...
INNGEST_SIGNING_KEY=signkey-prod-...

Validation

Hiro CRM validates environment variables at build time using Zod schemas. Check lib/env.ts for the validation logic.

Test Your Configuration

npm run build
If any required variables are missing or invalid, the build will fail with a descriptive error message.

Security Best Practices

Never commit .env.local or .env.production files to version control.
Rotate sensitive keys (service role, API keys) every 90 days.
Never share production keys with development or staging environments.
Use API keys with the minimum required permissions (e.g., read-only for analytics).
Set up alerts for unusual API key usage patterns in your service dashboards.

Next Steps

Vercel Deployment

Deploy Hiro CRM to Vercel

Database Setup

Set up your Supabase database

Build docs developers (and LLMs) love

Get started for freeTalk to us