The Twelve-Factor App: Codebase, Dependencies, and Config

Environment Variables

Environment variables are crucial for managing application settings without altering the code itself. Allen Underwood emphasizes that these variables should handle sensitive data like passwords and database connections, which vary across environments 1. This approach ensures that the code remains secure and adaptable, even if open-sourced. Joe Zack highlights the flexibility of environment variables, allowing different processes to run on the same machine without conflict 2. This orthogonality, or independence, is key to maintaining clean and efficient configurations.

You should never have to change the code. Your code should be able to run without those constants defined in the actual code.

--- Allen Underwood

Using environment variables also prevents the need for cumbersome file management, as they can be easily adjusted per session or environment.

   

Config Exposure

Avoiding the exposure of sensitive data in configuration files is a critical practice in application development. Joe Zack warns about the risks of having credentials in code, which could lead to severe consequences if the code is made public 3. Michael Outlaw discusses the importance of storing configuration data outside the codebase, such as in environment variables or machine-level configurations, to enhance security 4. This separation ensures that sensitive information is not accidentally checked into source control.

How fired would you be if your application was open sourced right now? Just a little fired or a lot fired?

--- Joe Zack

By keeping configurations separate, deployments become smoother and less error-prone, as the risk of overwriting critical settings is minimized.