Skip to content

Externalized configuration

Intent

Keep environment-specific configuration outside the deployable artifact so it can vary per environment and be changed safely.

Use when

  • You deploy the same artifact to multiple environments (dev/staging/prod) with different endpoints/secrets.
  • You need to rotate secrets, change feature flags, or tune limits without rebuilding images.

Avoid / watch-outs

  • Treat config as part of the contract: validate at startup and fail fast with clear errors.
  • Don’t leak secrets in logs/telemetry; apply strict redaction discipline.

Skill mapping

  • platform: config loading/validation primitives with explicit schemas.
  • security: secret handling, redaction, and least privilege for config access.
  • observability: log effective config version/hash (not secret values) for debugging.