top | item 38530067

(no title)

I definitely feel this pain. Changing environment variables at works sucks. JIRA ticket and then back and forth with SRE about whether we really need it.

So it all goes in code and defeats the whole purpose of having the app be configurable.

I don't know if secret management should be part of the same system though.

discuss

jdwyah|2 years ago

Re secret management, totally agree that this won't work for everyone. Everyone's got their own passionately held opinions here.

Our intent is to provide the same thing you get with Rails encrypted credentials https://edgeguides.rubyonrails.org/security.html#custom-cred... but for all supported languages and in a way that let's you share between apps.

If you want a lot more control than that, 1P, Doppler, Envkey may be the way and those can fit in via environment variables as normal.