S3. Keep configuration separate from source code

It is an anti-pattern to store configuration (credentials, etc.) with an application's source code. Configuration, in this context, means credentials (see “Secrets Management” in this document) as well as values that vary by deployment environment.

The 12-factor App [2] suggests that service owners consider whether an application’s codebase could be made open-source without revealing credentials as a test to evaluate whether this practice is being adhered to.

Configuration can be externalized via mechanisms such as configuration files and environment variables; the 12-factor method has a preference for the latter.
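
The following added example (not part of the original guidance) shows one way to load externalized configuration from environment variables so that the codebase holds no credentials: it fails closed when a required value is absent and keeps the credential out of `repr()` output. The `APP_*` variable names, the `Settings` fields and the sample values are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field


class ConfigError(RuntimeError):
    """Raised when required deployment configuration is missing or invalid."""


@dataclass(frozen=True)
class Settings:
    database_url: str                    # varies by deployment environment
    request_timeout_s: float             # non-secret tunable with a default
    api_token: str = field(repr=False)   # credential: excluded from repr()/logs


REQUIRED = ("APP_DATABASE_URL", "APP_API_TOKEN")  # hypothetical variable names


def load_settings(env=None):
    """Build Settings from environment variables, failing closed on gaps."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Report variable names only, never values.
        raise ConfigError("missing required configuration: " + ", ".join(missing))
    try:
        timeout = float(env.get("APP_REQUEST_TIMEOUT_S", "5"))
    except ValueError:
        raise ConfigError("APP_REQUEST_TIMEOUT_S must be a number") from None
    if not timeout > 0:  # also rejects NaN
        raise ConfigError("APP_REQUEST_TIMEOUT_S must be positive")
    return Settings(env["APP_DATABASE_URL"], timeout, env["APP_API_TOKEN"])


if __name__ == "__main__":
    # Constructed sample environment; a real deployment injects these values
    # from the platform or secret store rather than from source code.
    sample = {
        "APP_DATABASE_URL": "postgres://db.example.internal/app",
        "APP_API_TOKEN": "constructed-sample-token",
    }
    print(load_settings(sample))  # the token does not appear in the output
```

Because nothing in the module embeds a credential or an environment-specific value, it passes the open-source test described above.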