diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml
index c5db4ed..184b51e 100644
--- a/ansible/group_vars/all/vault.yml
+++ b/ansible/group_vars/all/vault.yml
@@ -1,48 +1,69 @@
 $ANSIBLE_VAULT;1.1;AES256
-35313963633335346336316139656531613164666132623362393137333034303438643063613861
-3964373430656434376362396361633338363363326565640a306365353965643433643333316438
-39653236656561303033343766663865616434656631666439626238616330386132663939353962
-3339393130396634300a613065306536643133353837646666366565303466633963386533323732
-30626338336562666333323332616533666634323833333563333938666132313163393462336236
-35656161623036333639626565646463366533613633663031643363353035303165383465656230
-34616662633262636630346438356261656234623965616330356639383166623533386439366336
-62363665313265383761376636653432343234663363303630656630643432623730343264633638
-62646461313937646365656631363162653737626265386561383937656437663637306263613363
-33616363666435323733356430323632373762626364396131393366646330373834656263363463
-66343961623438623239383437306364663362396238346465623630373939633830333361393235
-39633537323366313136306264663830626438616434663430353936303661323665376237353335
-36336135376632386231313030356465353665613930303437313564636130636336316431633663
-36646430323236336634323730366533656364333935373161353939613761623331633138653062
-66323536323139373837313433393065316163353030383536326531323137393833633465333432
-38366563303463616365353064383161323334356530306431613862613631376461643438613733
-36333164643165623864616631653432633961383035303331313339373337326661306238343063
-63363665646139393363643038353230626465343336393865303062373261306531336164643638
-66346163336236383131333237366630383964633334323461303330356465353937343535343032
-37613961303861646266333162303731383962333562393035663239623539306230316134613239
-61346234323038656237646661353663363262383965653637356663653966633664383430373363
-33313332666138353939656266353134396633616364636333376232613230336361326265366265
-66656334613435663432646165383262616636633232643230353434653237646133636361656639
-36623564373835393862343330336361336432333834363234376534376132353165626134323135
-31383030626362343034303838656631393565666330646465323434326434383466646164653935
-30653235633262313537333733396464633238313830326633376436323364636337393263666630
-65323830396138663761383832386264336534633961653837656432336366346439306134316235
-65343163636364653262396364356233653533333363396339633564643831383733663863393632
-33326262653438366435646337373638393238343039626533363239366366373663616366643365
-39303837623835643831633066303861633930396566663261616132353933306237353561313563
-39623732323566303937636133336665386231383637396565343430393232636230393638303138
-35326565373936616666613635316239346535656463356531393830303230303033663031303339
-65623433663230343639643033363666393264613964386134383230363030373232373637303836
-30623461633062303039663331343134323264326264386462336566666330386130313039313635
-33336435623938656435633432323536323064323262623832313764366466396465306338303038
-35343131393132333664313563393662663761643265333937373136326563396535356461316562
-63323335343266653565303037386463396131613133663835396531353064396265353031396664
-38393131613430623330323038313062626334666161656665633934336163666533376134373831
-66323563323765643532653864306335323463376363346662353033666138386638643564616333
-38643932616530623164363663333437346333346465363634633532313931623138613134343338
-62333333393166323039373163623033613736303066616364376432393830343262613661633831
-66653661353738646439356661376161623061313334656165303736313262616563323361333535
-33636261313436663961343162326664366461633263633736363634323163366135666362383166
-37633435373335343434653865613336333765663334643230663330646536633835393336333563
-64373434386464656137343835633165353637373830313030626235396162653035326361623431
-63346165643938643638313439383734666236343266333836303130353634626234656430633138
-313532626665646362623037353863656235
+35323061323763313630376438346339613532396437616537636466383462636261343761356563
+3439383639353636383232663533313433366366376535610a313433666263383838616334353337
+36373161613833613565303131646266663030633133623066653935373836393766363633613334
+6439633034613765360a633132346339363966303034313465616435333366343765373735396265
+63376331656230666636623964623565386261636237613565313664336130313931363835313339
+61653361303435653931373165656266396638376163646661633235366633663730623131636361
+31376339373836343935356133336530376264646464323163313366356431353734386432393837
+32336163343264633363646135373863623537613738326232376265363665346136306530313762
+64393562666236376533643336383062626131646561313261653535323232326430393833386637
+35663037336265363436646638366338663332363937333534383661393337313633343063666332
+66623534636162366364623234353331393230336461663865666565343337363362353834376662
+38643762656639306335303666613632663663393538383435316535316366343464303062613630
+37633166343834373230313439663538623466326334623138316630353266663930623537353561
+39663861666439396462343761643966353764343439313265343235383331336163353037636262
+30653830613431633535663039636633616162376239346336316531633032303635616134303032
+35643265306265313631373230626136663636393462656437323231336233303134386332353731
+32303662633836333161373666393761613263613065626139653137326262353131626639653230
+64643431363363313462343565393735336437666435646135336438386262336231643265313666
+32303666363666336133613565363134636435306635356237623134666464623539346231376466
+34396366343634336638373766373730656165633033383432646536383334363663656564353464
+61313464666233313432613865326337373333613234393833383837356338333864656462663336
+32316665356662303361326535633932333766363765366137343262663931656562653766373638
+65323866303634636561663831656233313434306137323636633130376238386138396539343437
+64636630346263656137396466363932343334633361643339636635393562363539383466633633
+31316535316230333538623236663861336239363566353730643039323261633861323137353539
+63373530373432363939386135636163643639363362323736643639306436616163383632633337
+30303362313437396632643332646330393035623832383864636535393233333433393331323038
+35666134393435353334653637313131373963313837333934653234323964353765366136303532
+34323465653838653433666634383435393838363734376665363230363062616464643064376439
+64323463313066396133636437383537393362333864376536666137643236366335346435663433
+30613164643739623531323965663539346466346230636334643661343533613766656134613463
+39373966323636613263386661643431313230313162636261346233396365323735366530303266
+31623561396332333764663832343533363161336439623830343736653831646137623031346636
+61623832353062373763626138653861353166626533396239663463333863633737666236326161
+66376233656138373766313163316133356637633536333735396433303732306562366466663564
+61633163656239646665303162363538366362306231613161323364663036316364306236383331
+62363935623334376131623732313735333531643262653465653734333432353763383763373338
+63373537383761623661366565613337623839363161376235366338373430306265643133396536
+64373935613163303033626439313333313164343066386362626437313166666232306264363735
+66616139313736616262303237343335613466333636336135663162303232366435363839363663
+30646566653934663732616462356662623361386431376663346437333764643861613630393437
+61623964666338353635306631366666393730396338366338646337306533623965653566363337
+32333437303131393237616138643834313163306333663163663437386532373131653132656235
+63356536646366633036396137306364346464376332333362616233386263666266336364636531
+65653238666234363366316262333330383737646462623835626533353339646536376339383433
+38633664353134643366663666306635636434386161376138343761653335643934663464383034
+38333134333738643337343131323934366262636363303130313965343734336230626530346562
+33396436636431656630373731613865613435333637326662626137633066653732333239366663
+31626462393131663938636434646137353763646131393233636265666263336132366262303464
+31616664613361336132356333643839353738656566663833306262663566396361646334323036
+30373165316232316565666636396438383963313334366337303430363262396661613436396366
+35336236313862623033646134306433613230653837303834353336333434386337376234386639
+33343862313831643431383636643835613235373031326631616638666333623334636364613364
+32633764336635353637623135303162643832393634646331643632636433646636303733623938
+35343839316537323161326163376232353539316538643938333336643034653864653366363966
+33373434366238363638346339376562333335636133323733616365303933313332626236376666
+32636333326534303066616132353535303132643930303563353661333836386566353234373033
+39366231313031613963663230633835666565623236393361323434313836323636333834336166
+31386165363165363336613463626564653863633163386433623537336566363764643961613930
+36346466363561333661306532373036303134303632393661303439396663376435653039356131
+65353738383633313963643366353866623538623036373337663038333063626562613066383665
+63336166626432363864313630323736663434303832373864643661323235666535323663306236
+30373861663731616463633039353139383139346135306239333735356333646532313231656136
+35313436363532353439373237356434393039383933356135653037613134356462396161363831
+39383462356463633661663962633064666539663566663634656237386439373336363362343230
+39363032323836663337353332646136303239393530353661326437383630626563303434626166
+39633066633730323364313763663439366232346331653633646534663763336365396639633138
+65326135303735356133
diff --git a/ansible/playbooks/OPENAPPLY-VAULT-REFERENCE.md b/ansible/playbooks/OPENAPPLY-VAULT-REFERENCE.md
index 71b4051..df40b69 100644
--- a/ansible/playbooks/OPENAPPLY-VAULT-REFERENCE.md
+++ b/ansible/playbooks/OPENAPPLY-VAULT-REFERENCE.md
@@ -40,6 +40,22 @@ vault_openapply_firebase_token: !vault |
   [encrypted token here]
 ```
 
+### SPA Firebase Configuration (Required for non-blank /app UI)
+
+```yaml
+# Public Firebase client config used at SPA build-time
+vault_openapply_firebase_api_key: "AIza..."
+vault_openapply_firebase_auth_domain: "your-project.firebaseapp.com"
+vault_openapply_firebase_project_id: "your-project-id"
+vault_openapply_firebase_storage_bucket: "your-project.appspot.com"
+vault_openapply_firebase_messaging_sender_id: "1234567890"
+vault_openapply_firebase_app_id: "1:1234567890:web:abcdef123456"
+
+# Optional UX/admin metadata
+vault_openapply_admin_email: "admin@your-domain.tld"
+vault_openapply_support_email: "support@your-domain.tld"
+```
+
 ## Creating/Editing Vault Variables
 
 ### First-time Setup
diff --git a/ansible/roles/openapply_app/defaults/main.yml b/ansible/roles/openapply_app/defaults/main.yml
index 2e738e9..6cd05b0 100644
--- a/ansible/roles/openapply_app/defaults/main.yml
+++ b/ansible/roles/openapply_app/defaults/main.yml
@@ -32,6 +32,19 @@ openapply_app_env:
   NODE_ENV: production
   PORT: "{{ openapply_app_service_port }}"
 
+openapply_app_spa_env:
+  VITE_BASE_URL: /app
+  VITE_FIREBASE_API_KEY: "{{ vault_openapply_firebase_api_key | default('your-firebase-api-key') }}"
+  VITE_FIREBASE_AUTH_DOMAIN: "{{ vault_openapply_firebase_auth_domain | default('your-project.firebaseapp.com') }}"
+  VITE_FIREBASE_PROJECT_ID: "{{ vault_openapply_firebase_project_id | default('your-project-id') }}"
+  VITE_FIREBASE_STORAGE_BUCKET: "{{ vault_openapply_firebase_storage_bucket | default('your-project.appspot.com') }}"
+  VITE_FIREBASE_MESSAGING_SENDER_ID: "{{ vault_openapply_firebase_messaging_sender_id | default('your-sender-id') }}"
+  VITE_FIREBASE_APP_ID: "{{ vault_openapply_firebase_app_id | default('your-app-id') }}"
+  VITE_ADMIN_EMAIL: "{{ vault_openapply_admin_email | default('admin@example.com') }}"
+  VITE_SUPPORT_EMAIL: "{{ vault_openapply_support_email | default('support@example.com') }}"
+
+openapply_app_require_real_firebase_config: true
+
 openapply_app_firebase_token: "{{ vault_openapply_firebase_token | default('') }}"
 openapply_app_verify_status_codes:
   - 200
diff --git a/ansible/roles/openapply_app/tasks/deploy_code.yml b/ansible/roles/openapply_app/tasks/deploy_code.yml
index 017abc2..a3fccc1 100644
--- a/ansible/roles/openapply_app/tasks/deploy_code.yml
+++ b/ansible/roles/openapply_app/tasks/deploy_code.yml
@@ -63,6 +63,14 @@
     group: "{{ openapply_app_service_group }}"
     mode: "0640"
 
+- name: Render OpenApply SPA build environment file
+  ansible.builtin.template:
+    src: openapply.spa.env.j2
+    dest: "{{ openapply_app_root }}/spa/.env"
+    owner: "{{ openapply_app_service_user }}"
+    group: "{{ openapply_app_service_group }}"
+    mode: "0640"
+
 - name: Check node_modules presence
   ansible.builtin.stat:
     path: "{{ openapply_app_root }}/node_modules"
diff --git a/ansible/roles/openapply_app/tasks/validate.yml b/ansible/roles/openapply_app/tasks/validate.yml
index 78f5248..d7b54c9 100644
--- a/ansible/roles/openapply_app/tasks/validate.yml
+++ b/ansible/roles/openapply_app/tasks/validate.yml
@@ -15,3 +15,17 @@
       - openapply_app_service_user | length > 0
       - openapply_app_start_command | length > 0
     fail_msg: "Required OpenApply role variables are missing."
+
+- name: Ensure real Firebase SPA configuration is provided
+  ansible.builtin.assert:
+    that:
+      - openapply_app_spa_env.VITE_FIREBASE_API_KEY != 'your-firebase-api-key'
+      - openapply_app_spa_env.VITE_FIREBASE_AUTH_DOMAIN != 'your-project.firebaseapp.com'
+      - openapply_app_spa_env.VITE_FIREBASE_PROJECT_ID != 'your-project-id'
+      - openapply_app_spa_env.VITE_FIREBASE_STORAGE_BUCKET != 'your-project.appspot.com'
+      - openapply_app_spa_env.VITE_FIREBASE_MESSAGING_SENDER_ID != 'your-sender-id'
+      - openapply_app_spa_env.VITE_FIREBASE_APP_ID != 'your-app-id'
+    fail_msg: >-
+      OpenApply SPA is using placeholder Firebase values. Set vault_openapply_firebase_* variables
+      in group_vars/all/vault.yml, then redeploy.
+  when: openapply_app_require_real_firebase_config | bool
diff --git a/ansible/roles/openapply_app/templates/openapply.spa.env.j2 b/ansible/roles/openapply_app/templates/openapply.spa.env.j2
new file mode 100644
index 0000000..22ad996
--- /dev/null
+++ b/ansible/roles/openapply_app/templates/openapply.spa.env.j2
@@ -0,0 +1,3 @@
+{% for key, value in openapply_app_spa_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}