Currently, I have configurations files stored in GitHub. I have a single json file with the format as below
{ DEV: { key1 : val1, key2 : val2 }, PROD: { key1 : val1, key2 : val2 } }
My build system clones the git repo, builds the projects and creates a Docker image and stores in a private Docker registry. I have the jar files and configuration files copied into the Docker image. Whenever I spin up a container I inject an environment variable (ENV=DEV/PROD) which my code uses to read configs based on the environment.
I have a couple of questions here:
What is the best way to maintain environment specific configuration?
Configuration files may contain sensitive data such as api keys and secrets how can I encrypt and store and decrypt when I build Docker image?
If I want to change some configuration I need to trigger build because my configuration file is placed inside a Docker image. Can I place config files outside Docker container as a volume so that I can replace the config file and restart container so that code reads updated configs? If I want to place outside of Docker container can I still use any cluster management tools for container orchestration/management (Kubernetes/ECS)?
What is the way to make apps running in Docker containers read updated configs by just restarting the container instead of building a new docker image and deploying a new container?