Skip to main content
HashDrop uses environment variables to configure external services and deployment targets. The web app reads variables from a .env.local file in the project root, which Next.js loads automatically and never includes in client bundles unless the variable name starts with NEXT_PUBLIC_. The mobile app uses its own .env file in the mobile/ directory, read by Expo at build and dev time.
Never commit .env.local or mobile/.env to version control. Both files contain secrets. Add them to your .gitignore and share values through a secrets manager or a secure internal channel.

Web app environment variables

Create a .env.local file in the repository root based on .env.local.example.
LIVEKIT_API_KEY
string
The API key for your LiveKit project. Used server-side to sign access tokens when creating or joining a video conference room. Obtain this from the LiveKit Cloud dashboard or your self-hosted server configuration.
LIVEKIT_API_SECRET
string
The API secret paired with LIVEKIT_API_KEY. Used to sign JWT tokens server-side. Keep this value strictly server-side — it must never be exposed to the browser.
LIVEKIT_URL
string
The HTTP(S) URL of your LiveKit server (e.g. https://your-project.livekit.cloud). Used by server-side API routes when communicating with LiveKit.
NEXT_PUBLIC_LIVEKIT_URL
string
The WebSocket URL of your LiveKit server (e.g. wss://your-project.livekit.cloud). This is the value the browser-side LiveKit client connects to. Because the variable name starts with NEXT_PUBLIC_, Next.js bundles it into the client.
METERED_DOMAIN
string
The domain of your Metered.ca TURN service (e.g. your-app.metered.live). When set alongside METERED_SECRET_KEY, the /api/webrtc/ice-servers endpoint fetches short-lived TURN credentials dynamically instead of using the public fallback servers.
METERED_SECRET_KEY
string
The secret key for your Metered.ca account. Used server-side only to request time-limited TURN credentials on behalf of connecting peers.
LIVEKIT_API_KEY, LIVEKIT_API_SECRET, LIVEKIT_URL, and NEXT_PUBLIC_LIVEKIT_URL are only required if you want to use the video conferencing feature. File transfer and chat work without them. METERED_DOMAIN and METERED_SECRET_KEY are optional — omitting them causes the ICE server endpoint to return the built-in public fallback servers instead.
.env.local
# LiveKit — required for video conferencing only
LIVEKIT_API_KEY=your_api_key_here
LIVEKIT_API_SECRET=your_api_secret_here
LIVEKIT_URL=https://your-project.livekit.cloud
NEXT_PUBLIC_LIVEKIT_URL=wss://your-project.livekit.cloud

# Metered TURN — optional, enables dynamic TURN credentials
METERED_DOMAIN=your-app.metered.live
METERED_SECRET_KEY=your_metered_secret_key

Mobile app environment variables

The mobile app is an Expo project located in the mobile/ directory. Create a mobile/.env file based on mobile/.env.example.
EXPO_PUBLIC_WEB_URL
string
required
The base URL of the deployed HashDrop web app. The mobile app uses this to relay file uploads and to construct deep-link URLs for QR code sharing. During local development, set this to your machine’s LAN IP address so that a physical device on the same network can reach the Next.js dev server.
mobile/.env
# Production
EXPO_PUBLIC_WEB_URL=https://hashdrop.metesahankurt.cloud

# Local development — replace with your machine's LAN IP
# EXPO_PUBLIC_WEB_URL=http://192.168.1.10:3000

Build docs developers (and LLMs) love

Get started for freeTalk to us