Japan Rabbit Docs

# Environment secrets

Date: 2018-10-18

# Scope

Environment variables and business secrets

# Context

We need a way to provide and store different variables and secrets depending on the running environment: development, staging or production.

# Decision

We write all the variables/secrets in dotenv files that will be automatically read by Vue CLI and multienv-loader library. These are distributed in .env, .env.development, .env.staging and .env.production for both frontend and backend apps. For simplicity, all of these files are commited to this Github repo with the exception of .env.production for backends. Everything else needs to be available for every developer. Even the frontend .env.production can be commited since all these variables will be exposed in JS in one way or another.

The only exception is .env.production for backend, since this is the critical file that stores the valuable secrets. This file will be stored in a different repository with restricted access. During backend deployment (docker build) in production, this file will be fetched by using a Github token. There is a "production check" in every backend app which will throw an error if the enviornment is production but the variables are not loaded.

Last updated: 10/18/2018, 6:18:26 AM

Redirects