neonFin
Self-host

Environment variables

Required configuration for a self-hosted neonFin instance.

Required variables

VariableExampleNotes
DATABASE_URLpostgres://...Postgres connection string.
NEONFIN_ENCRYPTION_KEYbase64...Must decode to exactly 32 bytes.
BETTER_AUTH_SECRETbase64...Random auth secret.
BETTER_AUTH_URLhttps://pay.example.comPublic dashboard/auth URL.
NEXT_PUBLIC_APP_URLhttps://pay.example.comPublic URL used for webhooks, checkout returns, and registry links.
NEONFIN_ALLOW_SIGNUPStrue or falseAllow new dashboard accounts.

Generate secrets

Generate both secrets locally:

openssl rand -base64 32
openssl rand -base64 32

Use one value for NEONFIN_ENCRYPTION_KEY and the other for BETTER_AUTH_SECRET.

Local example

.env
DATABASE_URL="postgres://neonfin:neonfin@localhost:5432/neonfin"
NEONFIN_ENCRYPTION_KEY="..."
BETTER_AUTH_SECRET="..."
BETTER_AUTH_URL="http://localhost:3000"
NEXT_PUBLIC_APP_URL="http://localhost:3000"
NEONFIN_ALLOW_SIGNUPS="true"

Production tips

  • Keep BETTER_AUTH_URL and NEXT_PUBLIC_APP_URL on the same public origin unless you have a specific reason not to.
  • Rotate provider API keys from the provider dashboard, then update neonFin.
  • Do not rotate NEONFIN_ENCRYPTION_KEY casually; it encrypts stored provider secrets.
  • Set NEONFIN_ALLOW_SIGNUPS=false after your first admin user exists.