Clerk stays. Lucia needs dependable identity, not a dramatic auth rewrite.
Runbook phase mapping
- Phase 1 — account access, instance ownership, and key references
- Phase 5 — staging callback URLs, redirects, origins, and auth alignment
Primary runbook page: 08 - Live Transition Runbook
Why Clerk is still in the stack
Clerk is already good enough to continue using for Lucia’s hosted staging and likely early production.
That means:
- no auth rewrite right now
- no fake infrastructure progress through identity churn
- keep focus on Lucia’s behavior, truth-state, and operational excellence
Lucia role
Clerk should handle:
- admin/operator authentication
- protected private staging access where relevant
- future multi-user/org identity if Lucia expands
What Clerk should not distract us from
Clerk does not solve:
- truth-state discipline
- orchestration confirmations
- distress continuity
- runtime maturity
- operator intelligence quality
It just solves auth. Good. Let it do that and stay in its lane.
Setup checklist
Stage 1 — confirm baseline
Stage 2 — staging integration
Stage 3 — future expansion
Credentials + account reference
Account access
| Item | Value |
|---|---|
| Account email | |
| Dashboard URL | |
| Application name | |
| Instance / environment | |
| MFA method | |
| Recovery codes location | |
Keys and secrets
| Secret / Token | Value or 1Password Reference | Notes | Rotated |
|---|---|---|---|
| Publishable key | | client-facing | |
| Secret key | | server-only | |
| JWT / signing references | | if applicable | |
| Webhook signing secret | | if applicable | |
URL and redirect tracker
| Item | Value |
|---|---|
| Staging app URL | |
| Staging sign-in URL | |
| Staging sign-up URL | |
| Staging after-sign-in URL | |
| Staging after-sign-out URL | |
| Production app URL | |
Role model notes
Current roles
Future Lucia roles
- operator
- admin
- owner
- future org/property scoped roles
Notes / gotchas
- Leave Clerk alone unless it actually blocks Lucia.
- Auth rewrites are where good intentions go to die.
Related pages