Environments
Environment configuration and secrets management
Environment Types
| Environment | Purpose | URL |
|---|---|---|
development |
Local development | localhost:3000 |
staging |
Pre-production testing | staging.positlabs.io |
production |
Live production | app.positlabs.io |
Required Environment Variables
Core
# Database
DATABASE_URL=postgresql://posit:posit_dev@localhost:5434/posit
# AWS (LocalStack in development)
AWS_REGION=us-east-1
AWS_ENDPOINT_URL=http://localhost:4576
AWS_ACCESS_KEY_ID=test
AWS_SECRET_ACCESS_KEY=testSolana (Required)
# Helius API - Required for Solana parsing
HELIUS_API_KEY=your_helius_key
SOLANA_RPC_URL=https://mainnet.helius-rpc.com/?api-key=YOUR_KEYMulti-Chain (Optional)
# Base Chain
BASE_RPC_URL=https://base-mainnet.g.alchemy.com/v2/YOUR_KEY
ALCHEMY_API_KEY=your_alchemy_key
# Hyperliquid
HYPERLIQUID_API_URL=https://api.hyperliquid.xyz
HYPERLIQUID_WS_URL=wss://api.hyperliquid.xyz/wsAuthentication
# Privy - Sign-in-with-Solana
PRIVY_APP_ID=your_app_id
PRIVY_APP_SECRET=your_app_secret
# Security
ENCRYPTION_MASTER_KEY=your_32_byte_hex_key # For wallet-user mapping encryption
WEBHOOK_SIGNING_SECRET=your_webhook_secret # For webhook signature verificationPricing APIs
# Token pricing
BIRDEYE_API_KEY=your_birdeye_key # Fallback pricing APIPayments (Optional)
# Lemon Squeezy
LEMON_SQUEEZY_API_KEY=your_key
LEMON_SQUEEZY_WEBHOOK_SECRET=your_webhook_secretSecrets Management
Production secrets are stored in AWS Secrets Manager with the posit/ prefix.
Secret Names
| Secret | Description |
|---|---|
posit/api-keys/helius |
Helius RPC API key |
posit/api-keys/birdeye |
Birdeye API key |
posit/api-keys/alchemy |
Alchemy API key (multi-chain) |
posit/auth/privy-secret |
Privy app secret |
posit/auth/encryption-master-key |
Wallet encryption master key |
posit/webhooks/signing-secret |
Webhook signature secret |
posit/database-url |
Production database connection string |
Seeding Local Secrets
# Seed LocalStack with test secrets
pnpm --filter @posit/cli init-secrets
# List all secrets
pnpm --filter @posit/cli init-secrets --list
# Get a secret value
pnpm --filter @posit/cli init-secrets --get api-keys/helius
Never commit secrets: The
.env file is gitignored. Never commit API keys or credentials.
Port Mapping
Local services use non-standard ports to avoid conflicts:
| Service | Default Port | Local Port |
|---|---|---|
| Postgres | 5432 | 5434 |
| LocalStack | 4566 | 4576 |
| MinIO API | 9000 | 9010 |
| MinIO Console | 9001 | 9011 |
| Cognito Local | 9229 | 9230 |
Local DNS
For testing hostname-based routing, add entries to /etc/hosts:
# Run setup script
sudo ./scripts/setup-hosts.sh
# Or manually add:
127.0.0.1 positlabs.local
127.0.0.1 api.positlabs.local
127.0.0.1 app.positlabs.local
127.0.0.1 minio.positlabs.localGetting API Keys
| Service | URL | Notes |
|---|---|---|
| Helius | helius.dev | Free tier: 100k credits/mo |
| Birdeye | birdeye.so | Token pricing fallback |
| Alchemy | alchemy.com | Multi-chain RPC (Base) |
| Privy | privy.io | Sign-in-with-Solana |
Note: The
.local TLD distinguishes development from production .io domains.