Best practices for JSON runtime configuration?

apitman · October 11, 2023, 3:59pm

My app uses a simple JSON config file. I could bake it into the docker image, but it has some secret information. There seem to be a couple ways I could handle this, and I wonder if there are any tradeoffs I’m missing.

It looks like the simplest would be to use the [[files]] section of the fly configuration. Is there any problem doing this for confidential information? Based on the fact that secret_name exists I’m guessing no.

I could also cram the whole thing (potentially base64 encoded) into a fly secret as suggested here, but that feels a bit hacky and would require changes to my docker image.

Anything I’m missing?

mayailurus · October 11, 2023, 6:56pm

The main one that comes to mind is using an encrypted file (in [[files]]) and then sending only the key in Fly secrets.

That would likely still require changes to your Docker image, but it would fix the “feels hacky” part.

system · October 18, 2023, 6:57pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mount secrets as files Questions / Help	3	472	November 11, 2022
mount config file into existing docker image	5	902	April 29, 2023
Recommended way to deploy apps needing a local config file Questions / Help	3	481	May 22, 2023
Attach/Use Config File for APp	3	247	May 2, 2023
Deploying listmonk app using secrets or env	3	835	October 7, 2022

Best practices for JSON runtime configuration?

Related Topics