Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Pragyat-Nikunj/VidTube/llms.txt
Use this file to discover all available pages before exploring further.
VidTube reads all of its configuration from environment variables loaded by dotenv. Before you start the server, create a .env file at the project root and populate it with the values described below. Every variable listed here must be present unless marked optional — a missing required variable will cause the server to fail silently or throw an error at runtime.
Create your .env file
Place a file named .env in the root of your VidTube project (the same directory that contains package.json):
Then fill in each variable using the reference below.
Never commit your .env file to version control. It contains secrets that grant access to your database, Cloudinary account, and JWT signing. Add .env to your .gitignore file immediately.
Variable reference
Server
| Variable | Required | Description | Example |
|---|
NODE_ENV | Yes | Runtime environment. Set to development locally and production in deployed environments. Affects whether the secure flag is set on cookies and whether stack traces appear in error responses. | development |
PORT | Yes | Port the Express server listens on. | 3000 |
CORS_ORIGIN | Yes | The origin allowed to make cross-origin requests. Use your frontend URL in production, or * to allow all origins during development. | http://localhost:5173 |
Database
| Variable | Required | Description | Example |
|---|
MONGODB_URL | Yes | Full MongoDB connection string, including credentials and database name. Supports both local instances and cloud clusters (e.g., MongoDB Atlas). | mongodb+srv://user:pass@cluster.mongodb.net/vidtube |
JWT tokens
| Variable | Required | Description | Example |
|---|
ACCESS_TOKEN_SECRET | Yes | Secret used to sign and verify JWT access tokens. Use a long, random string — at least 64 bytes of entropy. | (generate below) |
ACCESS_TOKEN_EXPIRY | Yes | How long an access token remains valid. Standard duration strings such as 1h or 15m are accepted. | 1h |
REFRESH_TOKEN_SECRET | Yes | Secret used to sign and verify JWT refresh tokens. Use a different value from ACCESS_TOKEN_SECRET. | (generate below) |
REFRESH_TOKEN_EXPIRY | Yes | How long a refresh token remains valid. | 10d |
Cloudinary
| Variable | Required | Description | Example |
|---|
CLOUDINARY_CLOUD_NAME | Yes | Your Cloudinary cloud name, shown in the Cloudinary Dashboard. | my-cloud |
CLOUDINARY_API_KEY | Yes | Your Cloudinary API key. | 123456789012345 |
CLOUDINARY_API_SECRET | Yes | Your Cloudinary API secret. Keep this private — it authorizes writes and deletes on your account. | abc123xyz... |
Example .env file
# Server
NODE_ENV=development
PORT=3000
CORS_ORIGIN=http://localhost:5173
# Database
MONGODB_URL=mongodb+srv://john:secret@cluster0.abc123.mongodb.net/vidtube
# JWT
ACCESS_TOKEN_SECRET=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
ACCESS_TOKEN_EXPIRY=1h
REFRESH_TOKEN_SECRET=b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3
REFRESH_TOKEN_EXPIRY=10d
# Cloudinary
CLOUDINARY_CLOUD_NAME=my-cloud
CLOUDINARY_API_KEY=123456789012345
CLOUDINARY_API_SECRET=abc123xyzSuperSecretValue
Generate secure secrets for your token signing keys using Node.js built-in crypto:node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
ACCESS_TOKEN_SECRET and one for REFRESH_TOKEN_SECRET. Production checklist
Before deploying to production:
- Set
NODE_ENV=production so cookies receive the secure flag and stack traces are hidden from error responses.
- Set
CORS_ORIGIN to your exact frontend URL — avoid * in production.
- Use your hosting platform’s secret management (environment variable settings, secret manager, etc.) instead of shipping a
.env file.
- Rotate your JWT secrets immediately if they are ever exposed.