Using Environment Variables and Secrets for Cloud Applications
Published: 2/17/2025
Every application requires configuration. Environment variables including secrets (connection strings, access keys, etc.) provide a mechanism to manage settings for the application to run in different environments (dev, test, stage, prod, etc.).
Problem
Almost every software application requires configuration in some form. Developers store configuration data as environment variables. While this method works great, it has its own challenges that complicate things in the modern world of software application.
Sharing Configuration
Usually architects or developers define these variables during application development. DevOps are required to replicate them in different environments. Normally there is no well-defined, fool-proof and process-oriented method for sharing configuration data among team members.
Version Control
Most of the time .env files are used as a flexible and portable alternative that is also easier to collaborate. However as there can be sensitive data among configuration parameters, extra care should be taken to ensure that these files are not committed to version control.
Portability
Secrets managers and native actions in CI/CD pipelines are great for managing sensitive configuration data like API keys but they too come with their own challenges such as added complexity, reduced portability, etc.
Solution
Configry.app is a great way to store and use environment variables in a safe and portable manner. Keep reading to know more about how Configry works.
Architectural Component
Configry provides a simple approach — addressing application configuration right at the start as an architectural component. That does not mean you have to make all the right decisions at the very beginning. It simply allows you to have a structure in place and start small, adding gradual improvements throughout the application lifecycle.
Separation of Concerns
There is a clear isolation of managing environment variables from the main application. This makes the process cleaner and less prone to prevent leakage of sensitive issues. It inherently promotes flexibility and portability.
Application Profiles
Configuration enables dynamic behavior by providing a different runtime context to same application running in different environments (such as development, staging, and production). You may add multiple applications to your Configry account. Each application represents a configuration profile. You may think of a configry app as a .env file. So, you define one configry app for every execution environment exactly like you define .env files for dev, prod, etc. environments. This helps you manage and share each profile independently.
Collaboration
Configry helps you collaborate on environment variables in real time in a well-defined manner safeguarding your configuration data. Configry does this without compromising on privacy and security of your account. No need to share credentials or api keys. No need to send environment variables over unsafe channels.
Adding Configuration
Configuration is added to an application as key-value entries. The data is maintained (add, update or delete) with reference to an application. When you share an application, all configuration data associated with that application is shared or cloned depending on the chosen method of collaboration.
Reading Configuration
You may fetch configuration data into your project by using simple Rest API call. We are developing clients (packages and modules) for python and javascript applications to integrate Configry into your projects seamlessly. We are working on other platforms as well.
Third-Party Secrets Managers
You may develop PoCs or even MVPs using only Configry as your configuration manager. Later in production or as your application grows, you may want to store sensitive data with your favourite Secrets Managers or native action on CI/CD pipeline. You may use Configry as an abstraction layer for such third-party integrations for a whole profile or for certain configuration variables.