Extracting Configuration and Secrets

Any application, independent of its dimension, will have configuration parameters. By looking at the application we’ve been building previously, even if we look at the simplest version of them all—the Hello World web server—we’ll find configuration values, such as the port value.

It’s also not a coincidence that we’re sending a full object called configuration inside the createServer function, the function that starts up the web server. At the same time, we also have a couple of values that we know should be secret in the application. They’re currently living in the code base because it’s been working for our purpose (which is learning), but we want to change it.

We’re thinking of things such as the JWT encryption keys or the MongoDB credentials. Those are definitely not things we want to check out into our version control system. This is what this lesson is about.

We’ll be looking at the configuration values and the secrets currently living in the code base. We’ll extract them so that they can be kept a secret and only passed to the application when it runs. Doing this process can be a tough job when we have an application in which the configuration values are scattered across multiple modules and files. However since we’re following some architecture best practices and thinking about keeping the code decoupled and configurable, we made our lives a little easier.

By having a look at src/index.ts, we can confirm that all the configuration values and secrets we’re using are living there. This means that all the other modules are not aware of the configuration, and that’s how it should be.

We’ll be doing this “migration” in two phases. First, we’ll extract all the configuration values into a configuration module, and then we’ll extract the secrets.