Best practices for JSON runtime configuration?

My app uses a simple JSON config file. I could bake it into the docker image, but it has some secret information. There seem to be a couple ways I could handle this, and I wonder if there are any tradeoffs I’m missing.

It looks like the simplest would be to use the [[files]] section of the fly configuration. Is there any problem doing this for confidential information? Based on the fact that secret_name exists I’m guessing no.

I could also cram the whole thing (potentially base64 encoded) into a fly secret as suggested here, but that feels a bit hacky and would require changes to my docker image.

Anything I’m missing?

The main one that comes to mind is using an encrypted file (in [[files]]) and then sending only the key in Fly secrets.

That would likely still require changes to your Docker image, but it would fix the “feels hacky” part.
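
The startup side of the approach suggested in the reply above, as an added example that is not part of the original thread: the app reads the encrypted file, takes the key from an environment variable (which is how Fly secrets reach the process), and refuses to start if the key is wrong or the file was altered. Go, AES-256-GCM, the nonce-first file layout and the variable names `CONFIG_PATH` and `CONFIG_KEY` are assumptions chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
)

// aead builds AES-256-GCM from the base64 key held in the secret.
func aead(keyB64 string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("key must be 32 bytes, base64-encoded")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	return cipher.NewGCM(block)
}

// Open takes nonce||ciphertext||tag (what gcm.Seal(nonce, nonce, plain, nil) emits).
func Open(keyB64 string, blob []byte) (map[string]interface{}, error) {
	gcm, err := aead(keyB64)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("encrypted config is truncated")
	}
	plain, err := gcm.Open(nil, blob[:n], blob[n:], nil) // verifies the tag
	if err != nil {
		return nil, fmt.Errorf("config rejected: %w", err)
	}
	var cfg map[string]interface{}
	err = json.Unmarshal(plain, &cfg)
	return cfg, err
}

func main() { // CONFIG_PATH and CONFIG_KEY are assumed names
	blob, err := os.ReadFile(os.Getenv("CONFIG_PATH"))
	if err == nil {
		_, err = Open(os.Getenv("CONFIG_KEY"), blob)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "startup aborted:", err)
		os.Exit(1)
	}
}
```

The file must be encrypted with a fresh random nonce every time it is regenerated; reusing a nonce under the same key breaks GCM.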
