0 votes
1 view
in Devops and Agile by (29.3k points)

Problem

We use java WAR files and keep config files in s3 buckets. Our environments: DEV, QA, Stage, and PROD each have their own config files and s3 buckets. If I add a new field, such as "Polling_RATE=5000", it must be manually added to each env because these config files also store passwords so they can not be tied to the application or kept inside Github. Not every engineer has access to each env so you must remember to inform the upper-level engineers (DEVOPS) before the prod deployment date to add the new field for the application to work. Its a really messy process currently.

Question

Is there a utility or architectural design pattern meant to deal with this? How do you "version control" sensitive configuration fields that you can not store within github?

1 Answer

0 votes
by (50.2k points)

I suggest you, to use dynamodb for keeping config values, with this approach the values are easily readable from the console and validated. Through this, we can change the values if necessary the app will pick the new values. Sensitive values are stored with the help of KMS keys and it can only be decrypted using the ec2 role only.  

If you add new properties to DEV dynamodb instance then that should be part of your code to env, then env properties can also be updated along with the env, and have a validation test to ensure that env has the same set of properties.

Welcome to Intellipaat Community. Get your technical queries answered by top developers !


Categories

...