Implement environment and configuration management with comprehensive guidance and automation.
Read, Write, Edit, Grep, Glob, Bash(cmd:*)
Managing Environment Configurations
Overview
Manage application configurations across development, staging, and production environments using .env files, Kubernetes ConfigMaps/Secrets, SSM Parameter Store, and cloud-native configuration services. Enforce consistency, prevent configuration drift, and implement safe promotion workflows between environments.
Prerequisites
- Access to all target environments (dev, staging, production)
- Configuration management tool or pattern identified (dotenv, ConfigMaps, SSM, Consul)
- Version control for configuration files (separate repo or encrypted in application repo)
- Encryption tool for sensitive values (sops, age, sealed-secrets, or cloud KMS)
- Understanding of which values differ between environments vs. which are shared
Instructions
- Audit existing configuration: scan for .env files, config/ directories, Kubernetes ConfigMaps, and hardcoded values in source code
- Classify each configuration value: public (non-sensitive, varies per env), secret (credentials, API keys), and static (same across all envs)
- Extract hardcoded values into externalized configuration with a clear naming convention (APP_DATABASE_HOST, APP_REDIS_URL)
- Create environment-specific configuration files: .env.development, .env.staging, .env.production
- Encrypt sensitive values using sops with cloud KMS or sealed-secrets for Kubernetes
- Generate Kubernetes ConfigMaps and Secrets from environment files for cluster-based deployments
- Set up configuration validation: schema checks to ensure all required variables are present before deployment
- Implement promotion workflow: changes go to dev first, then promote to staging after testing, then to production with approval
- Add configuration drift detection: compare running environment against source-of-truth on a schedule
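The classification and validation steps above can be enforced with a small pre-deploy check. The following is an added example, not part of the original skill: the schema, the variable names, and the sample files are constructed assumptions, and a value is treated as encrypted when it starts with `ENC[`, the prefix SOPS writes for encrypted values.

```python
import re
import sys

# Hypothetical schema: name -> class from the classification step (assumed names).
SCHEMA = {"APP_DATABASE_HOST": "public", "APP_REDIS_URL": "public",
          "APP_DATABASE_PASSWORD": "secret", "APP_LOG_FORMAT": "static"}
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample input; ENC[...] mimics the prefix SOPS writes for encrypted values.
SAMPLE = {
    "development": "APP_DATABASE_HOST=localhost\nAPP_REDIS_URL=redis://localhost:6379\n"
                   "APP_DATABASE_PASSWORD=ENC[AES256_GCM,data:constructed]\nAPP_LOG_FORMAT=json\n",
    "production": "# constructed\nAPP_DATABASE_HOST=db.internal.example\n"
                  "APP_DATABASE_PASSWORD='plaintext-example'\nAPP_LOG_FORMAT=text\nAPP_DEBUG=1\n",
}

def parse_env(text):
    """Parse dotenv text into a dict, skipping blanks and # comments."""
    values = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]  # strip one pair of matching quotes
        values[key] = val
    return values

def validate(envs, schema=SCHEMA):
    """envs maps environment name -> dotenv text; returns sorted findings."""
    parsed = {name: parse_env(text) for name, text in envs.items()}
    findings = []
    for name, values in parsed.items():
        for key, kind in schema.items():
            if not values.get(key):
                findings.append(f"{name}: missing {key}")
            elif kind == "secret" and not values[key].startswith("ENC["):
                findings.append(f"{name}: secret {key} is plaintext")
        findings += [f"{name}: undeclared {k}" for k in values if k not in schema]
    for key in (k for k, kind in schema.items() if kind == "static"):
        if len({v[key] for v in parsed.values() if v.get(key)}) > 1:
            findings.append(f"all: static {key} differs between environments")
    return sorted(findings)

if __name__ == "__main__":
    sys.exit("\n".join(validate(SAMPLE)) or 0)  # non-zero exit fails the pipeline
```

Run as a CI step before deployment, the non-zero exit blocks promotion whenever a required variable is missing, a secret is committed in plaintext, or a static value diverges between environments.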
Output
- Environment-specific configuration files (.env.*, config/*.yaml)
- Kubernetes ConfigMap and Secret manifests per environment
- Configuration schema/validation script to catch missing variables
- SOPS-encrypted secret files with .sops.yaml rules
- CI/CD pipeline steps for configuration validation and deployment
Error Handling
| Error | Cause | Solution |
|---|---|---|
| Missing required environment variable | Variable defined in schema but absent from .env file | Add the variable to the environment file; run validation script before deploy |
| SOPS decryption failed | Wrong KMS key or | |