Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/natureloved/DeadMan-Vault/llms.txt

Use this file to discover all available pages before exploring further.

Deadman Vault is configured entirely through environment variables — there are no config files to edit beyond .env.local. Variables prefixed with NEXT_PUBLIC_ are embedded into the client bundle at build time and are safe to expose in the browser; all others are server-only secrets that must never reach the client. Copy .env.example to .env.local, fill in every blank, and you’re ready to run.

FlowVault / On-Chain Config

These variables point the application at the correct FlowVault smart contracts on the Stacks blockchain. They are all NEXT_PUBLIC_ because the FlowVault SDK is initialized in the browser alongside the user’s connected wallet.
The default values in .env.example target the testnet deployment. Swap the addresses and set NEXT_PUBLIC_FLOWVAULT_NETWORK=mainnet only when you have audited contracts on mainnet — the keeper is explicitly a testnet-only custodial design.
VariableDefaultDescription
NEXT_PUBLIC_FLOWVAULT_NETWORKtestnetStacks network to connect to. Either testnet or mainnet.
NEXT_PUBLIC_FLOWVAULT_CONTRACT_ADDRESSSTD7QG84VQQ0C35SZM2EYTHZV4M8FQ0R7YNSQWPDDeployer address of the flowvault-v2 contract.
NEXT_PUBLIC_FLOWVAULT_CONTRACT_NAMEflowvault-v2Name of the FlowVault routing contract.
NEXT_PUBLIC_FLOWVAULT_TOKEN_CONTRACT_ADDRESSST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGMDeployer address of the USDCx token contract.
NEXT_PUBLIC_FLOWVAULT_TOKEN_CONTRACT_NAMEusdcxName of the USDCx token contract used for vault deposits and settlements.

Supabase

Supabase provides the PostgreSQL database that stores vault state, beneficiary records, heartbeat logs, and notification history.
SUPABASE_SERVICE_ROLE_KEY bypasses all Row Level Security policies. It must only be used in server-side API routes and the keeper cron. Never expose it in client-side code, commit it to version control, or set it as a NEXT_PUBLIC_ variable — doing so would give any browser full read/write access to every row in your database.
VariableDescription
NEXT_PUBLIC_SUPABASE_URLYour Supabase project URL, e.g. https://xyzabcde.supabase.co. Found in Project Settings → API.
NEXT_PUBLIC_SUPABASE_ANON_KEYThe public anonymous key for the browser Supabase client. Safe to expose — all tables have RLS enabled with zero permissive policies, so the anon key can read and write nothing directly.
SUPABASE_SERVICE_ROLE_KEYThe service role secret key. Used exclusively in server-side routes via the admin Supabase client to bypass RLS and perform privileged database operations.

App

VariableDefaultDescription
NEXT_PUBLIC_APP_URLhttp://localhost:3000The canonical public URL of your deployment, e.g. https://vault.yourdomain.com. Used to construct absolute URLs in notification emails — beneficiary claim links and owner warning emails will break if this is set incorrectly in production.

Resend (Email)

Deadman Vault sends transactional emails — heartbeat warnings, grace-period alerts, trigger notifications, and beneficiary claim links — through Resend.
VariableDescription
RESEND_API_KEYYour Resend API key. Create one at resend.com/api-keys.
RESEND_FROM_EMAILThe verified sender address emails are sent from, e.g. vault@yourdomain.com. The domain must be verified in your Resend dashboard before emails will be delivered.

Keeper

The keeper variables control the server-side custodial settlement layer that monitors heartbeat deadlines and automatically distributes funds to beneficiaries when a vault flatlines.
KEEPER_ENCRYPTION_KEY is the AES-256-GCM master key used to encrypt every vault’s per-keeper private key before it is stored in the database. If you lose this key, all keeper private keys become unrecoverable — triggered vaults will be unable to settle, and funds locked inside them cannot be moved by the keeper. Back this value up in a secrets manager (e.g. Doppler, Infisical, or AWS Secrets Manager) separately from your database.
VariableDescription
CRON_SECRETAn arbitrary random secret used to authenticate calls to the /api/keeper endpoint. Vercel automatically sends Authorization: Bearer <secret> on scheduled cron invocations. Without this set, the endpoint is unauthenticated and anyone can trigger a sweep. Generate with openssl rand -hex 32.
KEEPER_ENCRYPTION_KEYA 64-character hex string (32 raw bytes) used as the AES-256-GCM encryption key for keeper private keys at rest. Generate with openssl rand -hex 32. Must be exactly 64 hex characters — the server will throw on startup otherwise.
KEEPER_FUNDING_PRIVATE_KEYOptional. A funded testnet Stacks private key. When set, every newly created vault’s keeper address automatically receives a 2 STX gas drip so it can pay its own transaction fees. If unset, the keeper address must be funded manually from the Stacks testnet faucet before a deposit can be processed.
Generate both CRON_SECRET and KEEPER_ENCRYPTION_KEY in a single command:
echo "CRON_SECRET=$(openssl rand -hex 32)"
echo "KEEPER_ENCRYPTION_KEY=$(openssl rand -hex 32)"

Complete .env.local Example

# ── FlowVault / On-Chain ───────────────────────────────────────────────────────
NEXT_PUBLIC_FLOWVAULT_NETWORK=testnet
NEXT_PUBLIC_FLOWVAULT_CONTRACT_ADDRESS=STD7QG84VQQ0C35SZM2EYTHZV4M8FQ0R7YNSQWPD
NEXT_PUBLIC_FLOWVAULT_CONTRACT_NAME=flowvault-v2
NEXT_PUBLIC_FLOWVAULT_TOKEN_CONTRACT_ADDRESS=ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
NEXT_PUBLIC_FLOWVAULT_TOKEN_CONTRACT_NAME=usdcx

# ── Supabase ───────────────────────────────────────────────────────────────────
NEXT_PUBLIC_SUPABASE_URL=https://xyzabcde.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# ── App ────────────────────────────────────────────────────────────────────────
NEXT_PUBLIC_APP_URL=http://localhost:3000

# ── Resend (Email) ─────────────────────────────────────────────────────────────
RESEND_API_KEY=re_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
RESEND_FROM_EMAIL=vault@yourdomain.com

# ── Keeper ─────────────────────────────────────────────────────────────────────
CRON_SECRET=a3f8c2d1e9b4...                       # openssl rand -hex 32
KEEPER_ENCRYPTION_KEY=7b9e1f2a4c8d3e6b...          # openssl rand -hex 32
KEEPER_FUNDING_PRIVATE_KEY=                         # optional; funded testnet key

Build docs developers (and LLMs) love