Best practices for JSON runtime configuration?

apitman · October 11, 2023, 3:59pm

My app uses a simple JSON config file. I could bake it into the docker image, but it has some secret information. There seem to be a couple ways I could handle this, and I wonder if there are any tradeoffs I’m missing.

It looks like the simplest would be to use the [[files]] section of the fly configuration. Is there any problem doing this for confidential information? Based on the fact that secret_name exists I’m guessing no.

I could also cram the whole thing (potentially base64 encoded) into a fly secret as suggested here, but that feels a bit hacky and would require changes to my docker image.

Anything I’m missing?

mayailurus · October 11, 2023, 6:56pm

The main one that comes to mind is using an encrypted file (in [[files]]) and then sending only the key in Fly secrets.

That would likely still require changes to your Docker image, but it would fix the “feels hacky” part.

system · October 18, 2023, 6:57pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is my CONFIG.JSON File exposed? Questions / Help	2	374	March 22, 2023
Storing runtime configuration Questions / Help	5	430	May 4, 2024
Attaching configuration file to applications Questions / Help	4	635	January 30, 2022
Can't get my app to read the env variable	5	481	May 9, 2023
Can I inject secrets into a config file at deploy time? Questions / Help	2	208	June 14, 2023

Best practices for JSON runtime configuration?

Related topics