Config & Secrets
Source: content/manual/02-12factor/chapters/01-config-and-secrets.md
Purpose and scope
Ensure configuration is externalized, versioned, and secure across environments.
Outcomes
- No secrets in repos or images.
- Environment parity and predictable rollouts.
- Fast, auditable config changes.
Signals of trouble
.envfiles committed or passed around manually.- Snowflake configs between environments.
- Secrets rotated inconsistently.
Remediation steps
- Integrate a secrets manager (Vault/SSM) with apps and CI.
- Store config overlays in Git; validate parity in CI.
- Automate secret rotation and drift detection.
Checklists and assets
playbooks/12factor-modernized/checklist.mdconfig tasks.
References
- GitOps docs; internal security policies.