Environment reference
OpenPartner follows the principle that env is for secrets and build-time config; runtime content lives in the admin UI. So this list is shorter than you’d expect from competing products.
Required
| Variable | Description |
|---|---|
DATABASE_URL | Postgres connection string. |
SECRETS_ENCRYPTION_KEY | 32-byte hex. Used to encrypt SMTP passwords, Postmark tokens, etc. |
Generate a key with:
openssl rand -hex 32Optional
| Variable | Description |
|---|---|
OPENPARTNER_MODE | selfhost (default), flat, or revshare. Gates billing layer. |
COOKIE_DOMAIN | First-party cookie scope. Default: request host. |
MAIL_FROM | Default From: address. Overridable in admin UI. |
POSTMARK_SERVER_TOKEN | Postmark API token. Overridable in admin UI. |
SMTP_HOST / SMTP_PORT / SMTP_USER / SMTP_PASSWORD | SMTP fallback. Overridable. |
STRIPE_SECRET_KEY | Required for Connect payouts on hosted tiers and for billing the merchant subscription. |
STRIPE_WEBHOOK_SECRET | Webhook signing secret(s). Accepts a single value or a comma-separated list — Stripe’s “Event destinations” UI uses separate destinations for platform-account vs connected-account events, so you’ll have two secrets to verify against. |
STRIPE_FLAT_PRICE_ID | Stripe Price ID for the Hosted Flex monthly subscription (flat mode). |
ADMIN_API_KEY | Bootstrap / CI bearer. Bypasses Admin user, behaves like a headless admin. |
What’s NOT in env
These all live in the Config table and are managed from the admin UI:
- Program name (the brand partners see)
- Support email
- Active mail transport (Postmark vs. SMTP vs. none)
- Attribution model + lookback window
- Commission rules
Why? You can rotate them without redeploying, and self-host customers don’t have to manage config in two places.