Environment Variables

Complete inventory of all environment variables, secrets, and configuration used by tripplan.ing.

Worker secrets

Set via Wrangler secrets (pushed by CI):

Variable	Required	Description
STRIPE_SECRET_KEY	For payments	Stripe API secret key (test or live mode)
STRIPE_WEBHOOK_SECRET	For payments	Stripe webhook endpoint signing secret
MAILGUN_API_KEY	For email	Mailgun API key
MAILGUN_DOMAIN	For email	Mailgun sending domain (e.g., mg.tripplan.ing)
PAYPAL_CLIENT_ID	For PayPal	PayPal app client ID (optional)
PAYPAL_CLIENT_SECRET	For PayPal	PayPal app secret (optional)
PAYPAL_WEBHOOK_ID	For PayPal	PayPal webhook ID (optional)
PAYPAL_SANDBOX	For PayPal	true for sandbox, false for live (optional)

Worker bindings

Set in wrangler.toml or as Worker environment variables:

Variable	Required	Description
PLATFORM_OPERATOR_EMAILS	Yes	Comma-separated list of platform operator emails
PLATFORM_DOMAIN_SUFFIX	Yes	Default domain suffix for events (e.g., tripplan.ing)

Cloudflare resource bindings

Configured in wrangler.toml:

Binding	Type	Description
DB	D1	SQLite database (Drizzle ORM)
KV	KV Namespace	Sessions, OTP codes, rate limiting
R2	R2 Bucket	Photo and document storage

GitHub Environment variables

Set as non-secret variables in GitHub Environments:

Variable	Description
CF_ACCOUNT_ID	Cloudflare account ID
WORKER_NAME	Worker name (e.g., tripplan or tripplan-dev)
D1_DATABASE_ID	D1 database UUID
D1_DATABASE_NAME	D1 database name
KV_NAMESPACE_ID	KV namespace UUID
R2_BUCKET_NAME	R2 bucket name
PLATFORM_DOMAIN_SUFFIX	Domain suffix for event subdomains
PLATFORM_OPERATOR_EMAILS	Operator email list
DOCS_WORKER_NAME	Docs site worker name

GitHub Environment secrets

Set as encrypted secrets in GitHub Environments:

Secret	Description
CF_DEPLOY_API_TOKEN	Cloudflare API token with deploy permissions
STRIPE_SECRET_KEY	Stripe API key
STRIPE_WEBHOOK_SECRET	Stripe webhook signing secret
MAILGUN_API_KEY	Mailgun API key
MAILGUN_DOMAIN	Mailgun domain
PAYPAL_CLIENT_ID	PayPal app client ID (optional)
PAYPAL_CLIENT_SECRET	PayPal app secret (optional)
PAYPAL_WEBHOOK_ID	PayPal webhook ID (optional)
PAYPAL_SANDBOX	PayPal sandbox mode flag (optional)

Per-event overrides

These can be set per-event in the settings table to override global values:

Setting field	Overrides	Description
stripeSecretKey	STRIPE_SECRET_KEY	Per-event Stripe account
stripeWebhookSecret	STRIPE_WEBHOOK_SECRET	Per-event webhook secret
paypalClientId	—	PayPal client ID
paypalClientSecret	—	PayPal client secret
paypalWebhookId	—	PayPal webhook ID
paypalSandbox	—	Use PayPal sandbox mode

Local development

Create a .dev.vars file in the project root:

# Payments (optional for basic dev)
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...

# Email (optional if using dev bypass)
MAILGUN_API_KEY=key-...
MAILGUN_DOMAIN=mg.example.com

# PayPal (optional)
PAYPAL_CLIENT_ID=
PAYPAL_CLIENT_SECRET=
PAYPAL_WEBHOOK_ID=
PAYPAL_SANDBOX=true

# Platform
PLATFORM_OPERATOR_EMAILS=dev@localhost
PLATFORM_DOMAIN_SUFFIX=localhost

# Dev convenience
ENABLE_DEV_BYPASS=true

Dev-only variables

Variable	Default	Description
ENABLE_DEV_BYPASS	false	Skip authentication in local dev
DATABASE_URL	file:data/local.db	SQLite database path (Docker)
FILES_DIR	data/objects	File storage directory (Docker)

AppEnv interface

All variables are accessed through the AppEnv interface at runtime:

interface AppEnv {
  db: Database;
  kv: KvStore;
  blobs: BlobStore;
  STRIPE_SECRET_KEY: string;
  STRIPE_WEBHOOK_SECRET: string;
  PAYPAL_CLIENT_ID: string;
  PAYPAL_CLIENT_SECRET: string;
  PAYPAL_WEBHOOK_ID: string;
  PAYPAL_SANDBOX: string;
  MAILGUN_API_KEY: string;
  MAILGUN_DOMAIN: string;
  PLATFORM_OPERATOR_EMAILS: string;
  PLATFORM_DOMAIN_SUFFIX: string;
}

Related pages

• Environment & Secrets — deployment-focused env setup guide
• Cloudflare Workers — resource binding setup
• Local Development — .dev.vars configuration