Goal
Store all configuration settings outside of the application’s code so you can change behavior without changing the code itself.
What It Means
Configuration refers to anything that can vary between deployments — for example, database URLs, API keys, or feature flags.
- Store in environment variables – Keep configuration in environment variables instead of hardcoding them in code.
- Environment-specific – Each environment (development, staging, production) can have its own configuration without altering the code.
- No secrets in code – Avoid placing sensitive information like passwords in the source code.
Why It Matters
- Flexibility – Easily adapt the app to different environments without code changes.
- Security – Protect sensitive data by keeping it out of version control.
- Speed – Faster deployments and updates since config changes don’t require code changes.
- Reduced risk – Minimizes accidental leaks of credentials.
Example
A Node.js web app:
- Stores its database connection string in an environment variable
DATABASE_URL. - In development,
DATABASE_URLpoints to a local database. - In production,
DATABASE_URLpoints to a managed cloud database. - The code remains the same in both cases — only the environment variable changes.
Best Practices
- Use environment variables for all configs.
- Keep separate config for each environment.
- Avoid committing config files with secrets to version control.
- Use a centralized config management system for large projects.
- Document all environment variables for easier onboarding.
Takeaway
Keep configuration separate from code.
This improves security, simplifies deployments, and allows quick environment-specific changes without touching the source code.
Top comments (0)